On Mon, Oct 10, 2005 at 04:44:13PM +0200, Nicolai Ehemann wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello!
>
> I just (err, over the last 4 or 5 days) created a (hopefully
> standards-compliant) package for the pam_abl PAM module.
>
> The pam_abl module provides a fully configurable way to automatically
> blacklist users and/or hosts with many login failures within specified
> intervals of time to be temporarily blacklisted, so that any subsequent
> authentication attempt fails (without disclosing the attacker being
> blacklisted). As the number of password guessing attacks on ssh servers
> on the net has strongly grown in the past time, I think this is a useful
> addition to security on hosts exposed to the net.

First off: I did not download or review the code, and in the next lines I
will trespass the border to wild guessing and sheer imagination...

What about a "personalized" DoS?

If you have remote users on your machine that need to log in from the
internet, and if any of those remote users has a "common" or even worse(?)
known login, a small botnet may lead to a DoS for that user. The attacker
will just have to use enough different IPs to create false login attempts
for that user to make you block valid logins from that user himself.

Possibly a bad idea for a company with some road-warriors...

The configuration and use of such a module should be thought over very
thoroughly.

Kind regards
Horst

--
Murphy's Law is recursive. Washing your car to make it rain doesn't work.
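
Added example, not part of the thread and not pam_abl's code or configuration syntax: a simplified sliding-window model that replays constructed login events to compare a per-user failure rule with a per-host-only rule. The threshold (10 failures per hour), the user name, the addresses and the rule that blocked attempts still count as failures are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (seconds, source_ip, user, password_ok).
# Twelve failures for one account, each from a different address
# (documentation-range placeholders), then the real user logging in.
EVENTS = [(i * 60, f"203.0.113.{i + 1}", "alice", False) for i in range(12)]
EVENTS.append((13 * 60, "198.51.100.7", "alice", True))


class FailureWindow:
    """Failure timestamps per key, judged over a sliding time window."""

    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.failures = defaultdict(list)

    def record(self, key, ts):
        self.failures[key].append(ts)

    def blocked(self, key, now):
        recent = [t for t in self.failures[key] if now - t <= self.window]
        return len(recent) >= self.limit


def replay(events, by_user, by_host, limit=10, window=3600):
    """Return (ts, ip, user, outcome) per attempt under the chosen rules."""
    users, hosts = FailureWindow(limit, window), FailureWindow(limit, window)
    results = []
    for ts, ip, user, password_ok in events:
        denied = (by_user and users.blocked(user, ts)) or \
                 (by_host and hosts.blocked(ip, ts))
        outcome = "blocked" if denied else ("login" if password_ok else "failed")
        if outcome != "login":
            # Assumption: attempts made while blocked still count as failures.
            users.record(user, ts)
            hosts.record(ip, ts)
        results.append((ts, ip, user, outcome))
    return results


def legit_outcome(by_user, by_host):
    """Outcome of the final (legitimate, correct-password) attempt."""
    return replay(EVENTS, by_user, by_host)[-1][3]


if __name__ == "__main__":
    print("user + host rules:", legit_outcome(True, True))
    print("host rule only:   ", legit_outcome(False, True))
```

With the per-user rule active the correct password is refused; with only the per-host rule the user gets in, but none of the distributed failures is ever blocked, which is the trade-off to weigh when choosing the rules.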