[WBEL-users] SSH Hack/Login attempts
Shawn M. Jones
smj@littleprojects.org
Sun, 08 Aug 2004 14:58:25 -0400
David Overholser wrote:
| We use APF firewall along w/Brute Force Detection..both are from
| www.rfxnetworks.com they work great. With the bruteforce detection you can
| set it to however many attempts you want before it will block their IP...so
| if you want it to block anyone after 5 attempts it's very easy to be done.
| There are instructions for both at whiteboxforum.com under security....hope
| this helps.

I am often reluctant to use this feature on many firewalls/NIDSes
because of the fact that if an attacker knows you are blocking their IP
based on suspicious traffic, they can create a DoS.

For example, say they send you a bunch of suspect packets with the
source IP of the root name servers.

Just a thought,

Shawn M. Jones
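
Added example, not part of the original message and not APF or BFD code: a threshold-based block decision over sshd failure lines that withholds the block for sources on a never-block list, which is one way to limit the self-inflicted DoS described above. The log lines, addresses (documentation ranges), function name and the never-block list are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Matches the classic sshd failure line and captures the source IPv4 address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user |illegal user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def _line(sec, user, ip):
    """Build one constructed sshd failure line for the sample log."""
    return (f"Aug  8 14:01:{sec:02d} host sshd[2101]: "
            f"Failed password for {user} from {ip} port 40112 ssh2")


# Constructed sample: 192.0.2.53 stands in for a server you depend on
# (for example a resolver) whose address appears as the source of failures.
SAMPLE_LOG = "\n".join(
    [_line(i, "root", "203.0.113.7") for i in range(5)]
    + [_line(10 + i, "root", "192.0.2.53") for i in range(5)]
    + [_line(20 + i, "admin", "198.51.100.20") for i in range(2)]
    + ["Aug  8 14:02:00 host sshd[2102]: Accepted password for alice "
       "from 198.51.100.20 port 40200 ssh2"]
)


def decide_blocks(log_text, threshold, never_block):
    """Return (to_block, withheld): sources at or over the threshold, split by
    whether they fall inside a never-block network (hypothetical policy list)."""
    nets = [ipaddress.ip_network(n) for n in never_block]
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group(1))] += 1
        except ValueError:
            continue  # octets out of range: not a usable address
    to_block, withheld = [], []
    for ip, n in sorted(counts.items()):
        if n < threshold:
            continue
        # Over threshold: alert instead of blocking if the source is protected.
        (withheld if any(ip in net for net in nets) else to_block).append(str(ip))
    return to_block, withheld


if __name__ == "__main__":
    print(decide_blocks(SAMPLE_LOG, 5, ["192.0.2.53/32"]))
```

Sources returned in the second list still exceeded the threshold, so they should be logged and reviewed by a person rather than silently ignored.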