Self Defense thourg DoS... ? (was: too many illegal connection
attempts through ssh)
Hexren
me at hexren.net
Wed Apr 13 15:30:16 PDT 2005
> On Wednesday 13 April 2005 23:55, Hexren wrote:
>> > Just an idea...
>>
>> > Benjamin Rossen
>>
>> ---------------------------------------------
>>
>> Sounds fun but opens the door for every local user with ssh access to
>> DOS the machine he is on. I am not that found of the idea.
> Not at all. Let us say that a trusted authority were to operate the central
> server. The central server would not authorize a coordinated defensive DOS
> unless there were to be evidence that the cracker had been attacking many
> machines - perhaps the criterion could be framed to trigger a defensive DOS
> only if it were established that the cracker had been attacking many
> disparate machines in different parts of the world.
> Who is tracking this kind of thing centrally? No one. When you find that
> someone is trying to get into one of your servers you have no idea of what
> else that individual may be doing. A central trusted authority would know.
> Benjamin Rossen
---------------------------------------------
"Central _trusted_ authority" leaves a bitter taste in my mouth... but
then I may be paranoid.
Anyway if I am a local user on a machine and I have access to an ssh
binary (that is what I meant with "ssh access") and bash, I can churn out connections
with the only limit beeing my bandwith and system limits on the number
of processes I can run at one time. But even with these set to
sensible defaults say 10 processes and 1/10 of site bw. I am able to
"attack many disparate machines in different parts of the world"
therefore I am able to trigger a _defensive_ DoS against the machine
in that I am.
Regards
Hexren
More information about the freebsd-questions
mailing list