Date: Tue, 11 Jan 2005 10:54:29 -0500 From: Carleton Vaughn <keebler@mindspring.com> To: freebsd-questions@freebsd.org Subject: Re: High levels of breakin attempts Message-ID: <41E3F6B5.50604@mindspring.com> In-Reply-To: <44llb0hvut.fsf@be-well.ilk.org> References: <41E36115.6050003@Bomgardner.net> <41E3E02B.9080800@mindspring.com> <44llb0hvut.fsf@be-well.ilk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Lowell Gilbert wrote: > Always remember, however, to be careful that this doesn't open you up > to an easy denial-of-service attack. If all somebody has to do is try > to log in a half-dozen times to lock out the IP address they're > connecting from, you may be making it possible for them to attack your > operation without breaking into your machine. An excellent point, although if they're doing this from their own, valid IP it seems they're DOSing themselves. > "5 or 6" login attempts doesn't remotely constitute a "brute force" > attack. From what I've seen on my own machine, these attempts seem to > be trying passwords from a particular Linux distribution that shipped > with default passwords on a number of accounts. Sometimes it makes me > feel better to lock out such "attacks," but I don't actually kid > myself into thinking that I'm either improving my own security or > inconveniencing the attacker noticeably. There's been discussion of this specific script around and speculation as to who patrick, rolo and horde are. Since the script isn't actually doing anything *clever*, it's probably not worth confronting with tools. I am, however, curious as to *how* to confront it with tools, on account of I have lots and lots to learn about security and have been relying more or less on the sensibilities of FreeBSD's default install. -- Carleton Vaughn College Park, Georgia, USA
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41E3F6B5.50604>