[WBEL-users] SSH Hack/Login attempts

Shawn M. Jones smj@littleprojects.org
Sun, 08 Aug 2004 14:58:25 -0400



David Overholser wrote:
| We use APF firewall along w/Brute Force Detection..both are from
| www.rfxnetworks.com  they work great.  With the bruteforce detection you can
| set it to however many attempts you want before it will block their ip...so
| if you want it to block anyone after 5 attempts its very easy to be done.
| There are instructions for both at whiteboxforum.com under security....hope
| this helps.

I am often reluctant to use this feature on many firewalls/NIDSes
because of the fact that if an attacker knows you are blocking their IP
based on suspicious traffic, they can create a DoS.

For example, say they send you a bunch of suspect packets with the
source IP of the root name servers.

Just a thought,

Shawn M. Jones
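One way to guard threshold-based blocking against the concern raised in the reply above, as an added example that is not part of the original message and is not APF or BFD code: count failed logins per source and hold back any block that would hit a never-block list. The allowlist ranges, function names and log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: networks that must never be auto-blocked (resolvers, gateways,
# admin hosts). Documentation address ranges stand in as placeholders.
NEVER_BLOCK = [ipaddress.ip_network(n)
               for n in ("192.0.2.0/28", "198.51.100.53/32")]

# Matches the standard sshd "Failed password" syslog line.
FAILED = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def is_protected(ip):
    """True if ip falls inside any never-block network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NEVER_BLOCK)

def decide_blocks(log_lines, threshold=5):
    """Return (to_block, held) for sources at or above the threshold.

    held lists protected sources that crossed the threshold: they are
    reported for manual review instead of being firewalled.
    """
    counts = Counter()
    for line in log_lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ipaddress.ip_address(m.group(1))  # skip hostnames and junk
        except ValueError:
            continue
        counts[m.group(1)] += 1
    to_block, held = [], []
    for ip, n in sorted(counts.items()):
        if n >= threshold:
            (held if is_protected(ip) else to_block).append(ip)
    return to_block, held

def _line(ip, i):
    # Constructed sample log line, not taken from a real system.
    return ("Aug  8 14:50:%02d host sshd[2101]: "
            "Failed password for root from %s port 4022 ssh2" % (i, ip))

SAMPLE = ([_line("203.0.113.7", i) for i in range(6)]
          + [_line("198.51.100.53", i) for i in range(5)]
          + [_line("203.0.113.99", i) for i in range(2)])

if __name__ == "__main__":
    print(decide_blocks(SAMPLE))
```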