High levels of breakin attempts
keebler at mindspring.com
Tue Jan 11 07:55:34 PST 2005
Lowell Gilbert wrote:
> Always remember, however, to be careful that this doesn't open you up
> to an easy denial-of-service attack. If all somebody has to do is try
> to log in a half-dozen times to lock out the IP address they're
> connecting from, you may be making it possible for them to attack your
> operation without breaking into your machine.
An excellent point, although if they're doing this from their own, valid
IP it seems they're DOSing themselves.
> "5 or 6" login attempts doesn't remotely constitute a "brute force"
> attack. From what I've seen on my own machine, these attempts seem to
> be trying passwords from a particular Linux distribution that shipped
> with default passwords on a number of accounts. Sometimes it makes me
> feel better to lock out such "attacks," but I don't actually kid
> myself into thinking that I'm either improving my own security or
> inconveniencing the attacker noticeably.
There's been discussion of this specific script around and speculation
as to who patrick, rolo and horde are. Since the script isn't actually
doing anything *clever*, it's probably not worth confronting with tools.
I am, however, curious as to *how* to confront it with tools, on
account of I have lots and lots to learn about security and have been
relying more or less on the sensibilities of FreeBSD's default install.
College Park, Georgia, USA
More information about the freebsd-questions