High levels of breakin attempts
Carleton Vaughn
keebler at mindspring.com
Tue Jan 11 07:55:34 PST 2005
Lowell Gilbert wrote:
> Always remember, however, to be careful that this doesn't open you up
> to an easy denial-of-service attack. If all somebody has to do is try
> to log in a half-dozen times to lock out the IP address they're
> connecting from, you may be making it possible for them to attack your
> operation without breaking into your machine.
An excellent point, although if they're doing this from their own, valid
IP it seems they're DOSing themselves.
> "5 or 6" login attempts doesn't remotely constitute a "brute force"
> attack. From what I've seen on my own machine, these attempts seem to
> be trying passwords from a particular Linux distribution that shipped
> with default passwords on a number of accounts. Sometimes it makes me
> feel better to lock out such "attacks," but I don't actually kid
> myself into thinking that I'm either improving my own security or
> inconveniencing the attacker noticeably.
There's been discussion of this specific script around and speculation
as to who patrick, rolo and horde are. Since the script isn't actually
doing anything *clever*, it's probably not worth confronting with tools.
I am, however, curious as to *how* to confront it with tools, on
account of I have lots and lots to learn about security and have been
relying more or less on the sensibilities of FreeBSD's default install.
--
Carleton Vaughn
College Park, Georgia, USA
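
Added example (not part of the original post or thread): one way to find the sources that cross the "half-dozen failed logins" threshold discussed above, while keeping an allow-list so the lockout cannot be turned against your own management addresses. The sshd log line format, the `offenders` function, the allow-listed network and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH failure lines; older releases log "illegal user", newer "invalid user".
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:(?:invalid|illegal) user )?(\S+) from (\S+) port \d+")

def offenders(lines, threshold=6, window=timedelta(minutes=10),
              allow=("192.0.2.0/28",), year=2005):
    """Map source IP -> usernames tried, for sources with at least `threshold`
    failures inside `window`. Allow-listed networks are never reported."""
    trusted = [ipaddress.ip_network(n) for n in allow]
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    users = defaultdict(set)
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        stamp, user, src = m.groups()
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # not a literal address; never act on unparsed input
        if any(ip in net for net in trusted):
            continue  # a lockout must not cut off management addresses
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[src]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        users[src].add(user)
        if len(q) >= threshold:
            flagged[src] = sorted(users[src])
    return flagged

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [f"Jan 11 07:40:0{i} host sshd[900]: Failed password for illegal user {u} "
          f"from 203.0.113.5 port 4000{i} ssh2"
          for i, u in enumerate(["patrick", "rolo", "horde"] * 2)]
SAMPLE += ["Jan 11 07:41:10 host sshd[910]: Failed password for carl "
           "from 198.51.100.7 port 50222 ssh2"] * 2
SAMPLE += [f"Jan 11 07:42:0{i} host sshd[920]: Failed password for root "
           f"from 192.0.2.3 port 6000{i} ssh2" for i in range(8)]

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

Feeding the returned addresses into a time-limited block rather than a permanent one keeps the denial-of-service exposure raised in the thread small.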