From: Carleton Vaughn
Date: Tue, 11 Jan 2005 10:54:29 -0500
To: freebsd-questions@freebsd.org
Subject: Re: High levels of breakin attempts

Lowell Gilbert wrote:

> Always remember, however, to be careful that this doesn't open you up
> to an easy denial-of-service attack. If all somebody has to do is try
> to log in a half-dozen times to lock out the IP address they're
> connecting from, you may be making it possible for them to attack your
> operation without breaking into your machine.

An excellent point, although if they're doing this from their own, valid IP it seems they're DOSing themselves.

> "5 or 6" login attempts doesn't remotely constitute a "brute force"
> attack. From what I've seen on my own machine, these attempts seem to
> be trying passwords from a particular Linux distribution that shipped
> with default passwords on a number of accounts. Sometimes it makes me
> feel better to lock out such "attacks," but I don't actually kid
> myself into thinking that I'm either improving my own security or
> inconveniencing the attacker noticeably.

There's been discussion of this specific script around and speculation as to who patrick, rolo and horde are. Since the script isn't actually doing anything *clever*, it's probably not worth confronting with tools. I am, however, curious as to *how* to confront it with tools, on account of I have lots and lots to learn about security and have been relying more or less on the sensibilities of FreeBSD's default install.

--
Carleton Vaughn
College Park, Georgia, USA
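
The lockout idea discussed in this message, sketched as an added example that is not part of the original post: it counts failed sshd logins per source address inside a time window and never flags addresses on an allowlist, which is one guard against the lockout denial-of-service raised in the quoted text. The log line format, the threshold, the window, the year, and the `never_block` parameter are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd syslog lines (documentation addresses), not taken from the thread.
SAMPLE_LOG = """\
Jan 11 10:00:01 host sshd[701]: Failed password for illegal user patrick from 203.0.113.5 port 4001 ssh2
Jan 11 10:00:03 host sshd[702]: Failed password for illegal user rolo from 203.0.113.5 port 4002 ssh2
Jan 11 10:00:05 host sshd[703]: Failed password for illegal user horde from 203.0.113.5 port 4003 ssh2
Jan 11 10:00:07 host sshd[704]: Failed password for root from 203.0.113.5 port 4004 ssh2
Jan 11 10:00:09 host sshd[705]: Failed password for invalid user test from 203.0.113.5 port 4005 ssh2
Jan 11 10:05:00 host sshd[710]: Failed password for alice from 198.51.100.7 port 5001 ssh2
Jan 11 10:06:01 host sshd[720]: Failed password for alice from 192.0.2.10 port 6001 ssh2
Jan 11 10:06:02 host sshd[721]: Failed password for alice from 192.0.2.10 port 6002 ssh2
Jan 11 10:06:03 host sshd[722]: Failed password for alice from 192.0.2.10 port 6003 ssh2
Jan 11 10:06:04 host sshd[723]: Failed password for alice from 192.0.2.10 port 6004 ssh2
Jan 11 10:06:05 host sshd[724]: Failed password for alice from 192.0.2.10 port 6005 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:invalid|illegal) user )?(\S+) from (\S+) port \d+")

def lockout_candidates(log_text, threshold=5, window=timedelta(minutes=10),
                       never_block=("192.0.2.0/24",), year=2005):
    """Return {ip: usernames tried} for sources with >= threshold failures in one window."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            stamp, user, src = m.groups()  # syslog stamps carry no year, so one is assumed
            when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            events[src].append((when, user))
    flagged = {}
    for src, hits in events.items():
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            continue  # not an IP literal; skipped in this sketch
        if any(addr in net for net in protected):
            continue  # assumed allowlist: known-good networks are never locked out
        hits.sort()
        start = 0
        for end, (when, _) in enumerate(hits):
            while when - hits[start][0] > window:
                start += 1  # slide the window start forward
            if end - start + 1 >= threshold:
                flagged[src] = sorted({u for _, u in hits})
                break
    return flagged
```

The function only reports candidates; what to do with them (firewall rule, alert, nothing) is left to the operator.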