Unrelated IP addresses

Posted Nov 2, 2009 12:16 UTC (Mon) by robbe (subscriber, #16131)
In reply to: Unrelated IP addresses by man_ls
Parent article: Distributed brute force ssh attacks

Penalising just the wrong attempts won't work. If a successful attempt
normally gives an ACK after 1s, the attacker won't bother to hang around
for your NACK if you delay it for 5s or 60s or whatever. Therefore all
decent systems delay *both* answers.

You probably have to limit the delay to one minute or less, or your
legitimate users will just declare your host broken.
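
Added example, not part of the comment above: a small simulation of the two delay policies, using the comment's 1 s ACK and a 5 s delay. The clock is simulated and every function name, the `patience` value and the sample password are constructed for illustration.

```python
import hmac

class FakeClock:
    """Simulated clock (constructed for this demo) so no real waiting happens."""
    def __init__(self):
        self.now = 0.0
    def sleep(self, seconds):
        self.now += seconds

def password_ok(supplied, expected):
    # Constant-time comparison, so the compare itself leaks no timing.
    return hmac.compare_digest(supplied.encode(), expected.encode())

def answer_penalise_failures(clock, supplied, expected, work=1.0, delay=5.0):
    """Delay only the NACK: the policy the comment says won't work."""
    clock.sleep(work)                      # normal time to reach a verdict
    ok = password_ok(supplied, expected)
    if not ok:
        clock.sleep(delay)                 # extra wait on failure only
    return ok

def answer_delay_both(clock, supplied, expected, work=1.0, delay=5.0):
    """Delay ACK and NACK by the same amount."""
    clock.sleep(work)
    ok = password_ok(supplied, expected)
    clock.sleep(delay)                     # same wait whatever the verdict
    return ok

def observe(answer, supplied, expected, patience):
    """What a client sees if it stops waiting after `patience` seconds:
    (seconds spent, verdict), with verdict None when no answer came in time."""
    clock = FakeClock()
    ok = answer(clock, supplied, expected)
    if clock.now <= patience:
        return clock.now, ok
    return patience, None

def leaks_before_delay(answer, patience=1.5, expected="s3cret-constructed"):
    """True if a right and a wrong guess already look different to a client
    that hangs up before the delay has elapsed."""
    right = observe(answer, expected, expected, patience)
    wrong = observe(answer, "wrong-guess", expected, patience)
    return right != wrong

if __name__ == "__main__":
    for policy in (answer_penalise_failures, answer_delay_both):
        print(policy.__name__, "leaks early:", leaks_before_delay(policy))
```

With the failure-only policy, silence after 1.5 s already means "wrong password", so the delay costs the client nothing; with both answers delayed, every attempt costs the full 6 s, including a legitimate login.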
