Re: defense against password cracking programs

From: Stachu 'Dozzie' K. (cut-to-last-hypen-dozzie_at_dynamit.im.pwr.wroc.pl)
Date: 09/23/04


Date: Thu, 23 Sep 2004 13:44:57 +0000 (UTC)

On 2004-09-21, Solbu wrote:
>
> On onsdag 22. september 2004, 00:13 Bill Unruh tried to express an opinion:
>
>> gaylew@gmail.com (gayle) writes:
>
>> ]Basically, I'm wondering if there is a way to disable log-ins to a
>> ]particular account for some defined period of time (for example, 30
>> ]minutes) after this account is barraged with lots of failed log-in
>> ]attempts (say, 30 failures within 10 minutes).
>>
>> The problem with this is that it allows a denial of service attack. The
>> attacker just barrages with failed attempts, and then suddenly the real
>> user cannot log in. 30 min later he does it again (or rather automates it).
>
> How bout something that blocks the IP of the attacker for a period?
> (for all services.) Then the real user could still log in.

It's probably better idea. You can try running script fetching
information from syslog and dynamically blocking IP.

-- 
Stanislaw Klekot


Relevant Pages

  • Re: defense against password cracking programs
    ... > The problem with this is that it allows a denial of service attack. ... > attacker just barrages with failed attempts, ... How bout something that blocks the IP of the attacker for a period? ... Then the real user could still log in. ...
    (comp.os.linux.security)
  • Re: Need urgent help regarding security
    ... >>If an attacker uses spoofed IP adresses, ... >>easily a denial of service attack. ... > protocol spoofing is not a vector that normally needs to be secured ... > require a compromised router or localnet host at a minimum. ...
    (FreeBSD-Security)
  • Re: defense against password cracking programs
    ... > How bout something that blocks the IP of the attacker for a period? ... Then the real user could still log in. ... Something like portsentry for accounts. ...
    (comp.os.linux.security)