Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 27 Aug 2005 22:18:01 -0500
From:      Nikolas Britton <nikolas.britton@gmail.com>
To:        "freebsd-questions@auscert.org.au" <freebsd-questions@auscert.org.au>
Cc:        nawcom <nawcom@nawcom.no-ip.com>, freebsd-questions@freebsd.org
Subject:   Re: Illegal access attempt - FreeBSD 5.4 Release - please advise
Message-ID:  <ef10de9a0508272018453f9b7f@mail.gmail.com>
In-Reply-To: <200508280228.j7S2Sfx0052319@app.auscert.org.au>
References:  <43110754.6010608@nawcom.no-ip.com> <200508280228.j7S2Sfx0052319@app.auscert.org.au>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 8/27/05, freebsd-questions@auscert.org.au
<freebsd-questions@auscert.org.au> wrote:
> > if this server was used by 100+ people i would of course not have such =
a
> > harsh security script set up. everyone who uses it has great experience
> > and understands the consequences. like i said before, this is usually
> > for personal use and has about 12 users total. if this was used to
> > manage ssh on something big i would lower the security measures.
> >
> > hope you can understand some now :)
>=20
> Certainly. However, given that you are willing to accept (risk?) 5 attemp=
ts
> at a legitimate account I don't believe there would be any greater risk
> in allowing the same for invalid accounts also, given that the likelihood
> of gaining access to those is actually less - and it would make your scri=
pt
> simpler, too, whilst preventing the (albeit, unlikely in your situation)
> possibility of a DoS to a valid user. To be honest, reversing your logic
> somewhat wrt valid/invalid accounts and 1/5 attempts could have merit als=
o.
>=20
> That said, I'd be interested in seeing how you implement this with swatch
> as I'm looking at log parsing solutions in general.
>=20

I'd like to see it too, my logs are filled with brute force ssh login
attempts. I'd like something like...

x attempts in y time blocks source IP (or class c block etc.) for z hours.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ef10de9a0508272018453f9b7f>