Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 11 Jan 2005 10:54:29 -0500
From:      Carleton Vaughn <keebler@mindspring.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: High levels of breakin attempts
Message-ID:  <41E3F6B5.50604@mindspring.com>
In-Reply-To: <44llb0hvut.fsf@be-well.ilk.org>
References:  <41E36115.6050003@Bomgardner.net> <41E3E02B.9080800@mindspring.com> <44llb0hvut.fsf@be-well.ilk.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Lowell Gilbert wrote:
> Always remember, however, to be careful that this doesn't open you up
> to an easy denial-of-service attack.  If all somebody has to do is try
> to log in a half-dozen times to lock out the IP address they're
> connecting from, you may be making it possible for them to attack your
> operation without breaking into your machine.

An excellent point, although if they're doing this from their own, valid 
IP it seems they're DOSing themselves.

> "5 or 6" login attempts doesn't remotely constitute a "brute force"
> attack.  From what I've seen on my own machine, these attempts seem to
> be trying passwords from a particular Linux distribution that shipped
> with default passwords on a number of accounts.  Sometimes it makes me
> feel better to lock out such "attacks," but I don't actually kid
> myself into thinking that I'm either improving my own security or
> inconveniencing the attacker noticeably.

There's been discussion of this specific script around and speculation 
as to who patrick, rolo and horde are.  Since the script isn't actually 
doing anything *clever*, it's probably not worth confronting with tools. 
  I am, however, curious as to *how* to confront it with tools, on 
account of I have lots and lots to learn about security and have been 
relying more or less on the sensibilities of FreeBSD's default install.

-- 
Carleton Vaughn
College Park, Georgia, USA



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41E3F6B5.50604>