Date: Thu, 14 Apr 2005 00:30:11 +0200
From: Hexren
To: Benjamin Rossen
Cc: freebsd-questions@freebsd.org
Subject: Self Defense through DoS... ? (was: too many illegal connection attempts through ssh)
Message-ID: <16324081427.20050414003011@hexren.net>
In-Reply-To: <200504140011.44565.b.rossen@onsnet.nu>
References: <36f5bbba050406001514562df7@mail.gmail.com> <19221994686.20050413235524@hexren.net> <200504140011.44565.b.rossen@onsnet.nu>

> On Wednesday 13 April 2005 23:55, Hexren wrote:
>> > Just an idea...
>>
>> > Benjamin Rossen
>>
>> ---------------------------------------------
>>
>> Sounds fun but opens the door for every local user with ssh access to
>> DOS the machine he is on. I am not that fond of the idea.

> Not at all. Let us say that a trusted authority were to operate the central
> server. The central server would not authorize a coordinated defensive DOS
> unless there were to be evidence that the cracker had been attacking many
> machines - perhaps the criterion could be framed to trigger a defensive DOS
> only if it were established that the cracker had been attacking many
> disparate machines in different parts of the world.

> Who is tracking this kind of thing centrally? No one. When you find that
> someone is trying to get into one of your servers you have no idea of what
> else that individual may be doing. A central trusted authority would know.

> Benjamin Rossen

---------------------------------------------

"Central _trusted_ authority" leaves a bitter taste in my mouth... but
then I may be paranoid.

Anyway, if I am a local user on a machine and I have access to an ssh
binary (that is what I meant by "ssh access") and bash, I can churn
out connections with the only limit being my bandwidth and system limits
on the number of processes I can run at one time. But even with these
set to sensible defaults, say 10 processes and 1/10 of site bw, I am able
to "attack many disparate machines in different parts of the world";
therefore I am able to trigger a _defensive_ DoS against the machine
that I am on.

Regards
Hexren