Date: Thu, 14 Apr 2005 00:30:11 +0200 From: Hexren <me@hexren.net> To: Benjamin Rossen <b.rossen@onsnet.nu> Cc: freebsd-questions@freebsd.org Subject: Self Defense thourg DoS... ? (was: too many illegal connection attempts through ssh) Message-ID: <16324081427.20050414003011@hexren.net> In-Reply-To: <200504140011.44565.b.rossen@onsnet.nu> References: <36f5bbba050406001514562df7@mail.gmail.com> <19221994686.20050413235524@hexren.net> <200504140011.44565.b.rossen@onsnet.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Wednesday 13 April 2005 23:55, Hexren wrote: >> > Just an idea... >> >> > Benjamin Rossen >> >> --------------------------------------------- >> >> Sounds fun but opens the door for every local user with ssh access to >> DOS the machine he is on. I am not that found of the idea. > Not at all. Let us say that a trusted authority were to operate the central > server. The central server would not authorize a coordinated defensive DOS > unless there were to be evidence that the cracker had been attacking many > machines - perhaps the criterion could be framed to trigger a defensive DOS > only if it were established that the cracker had been attacking many > disparate machines in different parts of the world. > Who is tracking this kind of thing centrally? No one. When you find that > someone is trying to get into one of your servers you have no idea of what > else that individual may be doing. A central trusted authority would know. > Benjamin Rossen --------------------------------------------- "Central _trusted_ authority" leaves a bitter taste in my mouth... but then I may be paranoid. Anyway if I am a local user on a machine and I have access to an ssh binary (that is what I meant with "ssh access") and bash, I can churn out connections with the only limit beeing my bandwith and system limits on the number of processes I can run at one time. But even with these set to sensible defaults say 10 processes and 1/10 of site bw. I am able to "attack many disparate machines in different parts of the world" therefore I am able to trigger a _defensive_ DoS against the machine in that I am. Regards Hexren
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?16324081427.20050414003011>