Date: Sun, 28 Aug 2005 12:28:41 +1000 From: freebsd-questions@auscert.org.au To: freebsd-questions@freebsd.org Cc: nawcom <nawcom@nawcom.no-ip.com> Subject: Re: Illegal access attempt - FreeBSD 5.4 Release - please advise Message-ID: <200508280228.j7S2Sfx0052319@app.auscert.org.au> In-Reply-To: Your message of "Sat, 27 Aug 2005 20:37:40 -0400." <43110754.6010608@nawcom.no-ip.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> if this server was used by 100+ people i would of course not have such a > harsh security script set up. everyone who uses it has great experience > and understands the consequences. like i said before, this is usually > for personal use and has about 12 users total. if this was used to > manage ssh on something big i would lower the security measures. > > hope you can understand some now :) Certainly. However, given that you are willing to accept (risk?) 5 attempts at a legitimate account I don't believe there would be any greater risk in allowing the same for invalid accounts also, given that the likelihood of gaining access to those is actually less - and it would make your script simpler, too, whilst preventing the (albeit, unlikely in your situation) possibility of a DoS to a valid user. To be honest, reversing your logic somewhat wrt valid/invalid accounts and 1/5 attempts could have merit also. That said, I'd be interested in seeing how you implement this with swatch as I'm looking at log parsing solutions in general. best regards, -- Joel Hatton -- Security Analyst | Hotline: +61 7 3365 4417 AusCERT - Australia's national CERT | Fax: +61 7 3365 7031 The University of Queensland | WWW: www.auscert.org.au Qld 4072 Australia | Email: auscert@auscert.org.au
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508280228.j7S2Sfx0052319>