Re: [courier-users] How to track failed authentication attempts?

Wed, 16 Feb 2011 11:50:23 -0800 

Hello Alessandro Vesely,

Am 2011-02-16 12:20:00, hacktest Du folgendes herunter:
> Hi :-)

> Thus an 87382-node botnet can break an average password with 18 bits
> of entropy* by the end of the day, with three attempts from each IP.

> Many times?  If "many" is 35 times per day for 20 years, that makes
> for about 255675 attempts: barely enough to break that 18-bit entropy
> password, let alone a strong one.  OTOH, a million-node botnet could
> easily afford a few thousands attempts per day, from different IP
> addresses, without being noticed.  It would crack most passwords in a
> few months.

Hehe, in 2009 (some of my servers are in Khoy/Iran) I have gotten massiv
hack attempts but my 7600 has blocked the crap successfuly.

Unfortunately Linux can not do that.

And I had millions of hack attempts  and  DoS  attacks...  (someone  had
claimed I am working for the iranian government and tried to  pull  down
my internet service with 8 Courier- and 5 Web-Servers for 18k DSL users)

I think, it depends on your configuration.

> IMHO, counting the global number of failures can counter that.  A
> smart system could even estimate the entropy of a cleartext password
> and compute N above as a safe fraction of the required number of
> attempts, in order to avoid being unduly intrusive.

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

-- 
##################### Debian GNU/Linux Consultant ######################
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems@tdnet France EURL       itsystems@tdnet UG (limited liability)
Owner Michelle Konzack            Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz                 Kinzigstraße 17
67100 Strasbourg/France           77694 Kehl/Germany
Tel: +33-6-61925193 mobil         Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

<http://www.itsystems.tamay-dogan.net/>  <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/>         <http://www.can4linux.org/>

Jabber [email protected]
ICQ    #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/

Attachment: signature.pgp
Description: Digital signature

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to