Illegal access attempt - FreeBSD 5.4 Release - please advise
nikolas.britton at gmail.com
Sun Aug 28 03:18:03 GMT 2005
On 8/27/05, freebsd-questions at auscert.org.au
<freebsd-questions at auscert.org.au> wrote:
> > if this server was used by 100+ people i would of course not have such a
> > harsh security script set up. everyone who uses it has great experience
> > and understands the consequences. like i said before, this is usually
> > for personal use and has about 12 users total. if this was used to
> > manage ssh on something big i would lower the security measures.
> > hope you can understand some now :)
> Certainly. However, given that you are willing to accept (risk?) 5 attempts
> at a legitimate account I don't believe there would be any greater risk
> in allowing the same for invalid accounts also, given that the likelihood
> of gaining access to those is actually less - and it would make your script
> simpler, too, whilst preventing the (albeit, unlikely in your situation)
> possibility of a DoS to a valid user. To be honest, reversing your logic
> somewhat wrt valid/invalid accounts and 1/5 attempts could have merit also.
> That said, I'd be interested in seeing how you implement this with swatch
> as I'm looking at log parsing solutions in general.
I'd like to see it too, my logs are filled with brute force ssh login
attempts. I'd like something like...
x attempts in y time blocks source IP (or class c block etc.) for z hours.
More information about the freebsd-questions