pf suggestions for paced attack
John
john at starfire.mn.org
Mon May 3 14:41:11 UTC 2010
The script kiddies have apparently figured out that we use some
time-window sensitivity in our adaptive filtering. From sshd, I've
been seeing "reverse mapping checking getaddrinfo ... failed" and
from ftpd (when I have the port open at all, which is rare), I am
seeing probes at about 27 second intervals. This stays well below
the 3/30 (three connections in 30 seconds) sensitivity that I had
been using. It took them nearly two and a half hours to make 154
attempts, but computers are very patient.
I have now changed the timing window sensitivity, but it's to the
point now where there's a significant probability that someone could
lock themselves out (temporarily, at least; I do clear these tables
periodically) if they are having a bit of a fat-finger moment with
their password.
Anybody got any superior suggestions?
--
John Lind
john at starfire.MN.ORG
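
An added example, not part of the original post: a log-side check that compares the 3/30 connection-rate threshold described above with a count of failed logins over a longer window, run against constructed sshd log lines. The 10-failures-per-hour threshold, the addresses, and the treatment of each logged password event as one connection are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# sshd log line shape: syslog timestamp, then Accepted/Failed password ... from <ip>
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"(Accepted|Failed) password for (?:invalid user )?\S+ from (\S+) ")

def parse(lines, year=2010):
    """Yield (timestamp, ip, failed) for each sshd password event."""
    for line in lines:
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(2) == "Failed"

def exceeds(times, limit, window):
    """True if more than `limit` events fall inside any `window`-second span."""
    times = sorted(times)
    start = 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() >= window:
            start += 1
        if end - start + 1 > limit:
            return True
    return False

def flagged(lines, limit, window, failures_only):
    """Source addresses that break the limit/window threshold."""
    per_ip = defaultdict(list)
    for ts, ip, failed in parse(lines):
        if failed or not failures_only:
            per_ip[ip].append(ts)
    return {ip for ip, ts in per_ip.items() if exceeds(ts, limit, window)}

def sample_log():
    """Constructed log: a source pacing failures 27 s apart, and a user who
    mistypes a password three times before logging in (documentation IPs)."""
    t0 = datetime(2010, 5, 3, 12, 0, 0)
    def line(ts, verb, user, ip):
        return (f"{ts:%b %d %H:%M:%S} host sshd[1234]: "
                f"{verb} password for {user} from {ip} port 40000 ssh2")
    out = [line(t0 + timedelta(seconds=27 * i), "Failed", "root", "192.0.2.10")
           for i in range(40)]
    out += [line(t0 + timedelta(seconds=5 * i), "Failed", "alice", "198.51.100.7")
            for i in range(3)]
    out.append(line(t0 + timedelta(seconds=15), "Accepted", "alice", "198.51.100.7"))
    return out
```

On the constructed log, `flagged(log, 3, 30, False)` returns only the mistyping user, while `flagged(log, 10, 3600, True)` returns only the paced source; addresses from the second set are the ones to feed into a pf table with `pfctl -t <table> -T add <address>`.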
More information about the freebsd-questions
mailing list