Date: Mon, 3 May 2010 09:41:10 -0500
From: John <john@starfire.mn.org>
To: freebsd-questions@freebsd.org
Subject: pf suggestions for paced attack
Message-ID: <20100503144110.GA14402@elwood.starfire.mn.org>

The script kiddies have apparently figured out that we use some time-window sensitivity in our adaptive filtering. From sshd, I've been seeing "reverse mapping checking getaddrinfo ... failed" and from ftpd (when I have the port open at all, which is rare), I am seeing probes at about 27 second intervals. This stays well below the 3/30 (three connections in 30 seconds) sensitivity that I had been using. It took them nearly two and a half hours to make 154 attempts, but computers are very patient.

I have now changed the timing window sensitivity, but it's to the point now where there's a significant probability that someone could lock themselves out (temporarily, at least; I do clear these tables periodically) if they are having a bit of a fat-finger moment with their password.

Anybody got any superior suggestions?

-- 
John Lind
john@starfire.MN.ORG
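
An added example, not part of the original message: a per-source detector that evaluates several count/window rules at once, showing why probes paced at 27 seconds never reach a 3-in-30-seconds threshold and how a second, longer window catches them without flagging a user who mistypes a password a few times. The 10-per-hour rule, the addresses and the timestamps are constructed assumptions, and in practice the events would be parsed from sshd or ftpd logs.

```python
from collections import defaultdict, deque

def flag_sources(events, rules):
    """Flag sources that reach any (max_events, window_seconds) rule.

    events: (epoch_seconds, source_ip) tuples sorted by time.
    Returns {source_ip: (time_flagged, rule_that_fired)}.
    """
    longest = max(window for _, window in rules)
    recent = defaultdict(deque)   # per-source timestamps inside the longest window
    flagged = {}
    for ts, src in events:
        if src in flagged:
            continue
        seen = recent[src]
        seen.append(ts)
        while ts - seen[0] >= longest:      # drop events older than any rule needs
            seen.popleft()
        for limit, window in rules:
            if sum(1 for t in seen if ts - t < window) >= limit:
                flagged[src] = (ts, (limit, window))
                break
    return flagged

# Constructed sample data (documentation address ranges, arbitrary start time).
T0 = 1272897670
PACED = "192.0.2.10"        # one probe every 27 s, 154 probes in total
TYPO_USER = "198.51.100.7"  # four failed logins spread over 70 s
BURST = "203.0.113.5"       # three probes in 6 s

def sample_events():
    events = [(T0 + 27 * i, PACED) for i in range(154)]
    events += [(T0 + s, TYPO_USER) for s in (0, 20, 45, 70)]
    events += [(T0 + s, BURST) for s in (100, 103, 106)]
    return sorted(events)

SHORT_ONLY = [(3, 30)]               # the 3/30 rule from the message
TWO_TIER = [(3, 30), (10, 3600)]     # plus an assumed 10-per-hour rule

if __name__ == "__main__":
    for name, rules in (("3/30 only", SHORT_ONLY), ("3/30 + 10/3600", TWO_TIER)):
        print(name, flag_sources(sample_events(), rules))
```

With only the short rule the paced source is never flagged; with both rules it is flagged on its tenth probe, while the user with four spread-out failures stays clear of both thresholds.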