On 4 Dec 2009, at 06:12, Marconi wrote:

> There was a recent discussion on the OS X Server list about the
> recent nature of Distributed Dictionary Attacks. It seems that
> attackers are getting around defenses like Denyhosts by attacking a
> huge number of hosts at once such that they try a user/pass on any
> given host only once every 12 hours or so. Between attempts on your
> host, any given attacker is busy attacking others -- also once in
> every 12 hours -- and works its way back to you.
>
> A DDA as described is able to make just as many attempts but so
> infrequently on any one host as to not exceed any reasonable limits
> we might set in Denyhosts.
>
> It seems to me that the way to defend against this is to aggregate
> data from as many (attacked) hosts as possible. If data from multiple
> attacked hosts showed that an IP address was in fact being used in a
> DDA, Synchronization mode could be used to block it even though it
> did not exceed any one host's triggers.
>
> Admittedly, it would be a big job to collect data from multiple
> attacked hosts. It would result in far more data than just those
> blocked IPs sent in via synch mode currently. The collection point
> would have to track each reported IP and, at some predetermined
> trigger count, add that IP to the normal Denyhosts synch list.
>
> Sound feasible? Discuss!

I don't think, also, many administrators would want to send all their
data to the sync servers. They may think it's a privacy issue,
considering they would have to send every IP that fails to log in, to
be known to others... But on the other hand, if DenyHosts is simply
made smarter to check for recurring IPs every x hours, they will just
increase the waiting time. I can see a problem where if you log in 30
times a day and you fail to log in once a day because of typos, you
get blocked...

Sjors
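
The aggregation idea discussed in this thread, as an added example (not DenyHosts code and not part of either message): a collection point counts how many distinct hosts report failures from an IP, so a slow distributed attempt is caught while a user mistyping on one host is not. The report tuple format, window, trigger values, function names and sample data are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed look-back window at the collection point
HOST_TRIGGER = 3              # assumed: distinct reporting hosts needed to block

def in_window(ts, now, window):
    return timedelta(0) <= now - ts <= window

def per_host_offenders(reports, now, window=WINDOW, deny_threshold=5):
    """Local view: (host, ip) pairs whose failures reach one host's own threshold."""
    counts = defaultdict(int)
    for ts, host, ip in reports:
        if in_window(ts, now, window):
            counts[(host, ip)] += 1
    return {key for key, n in counts.items() if n >= deny_threshold}

def distributed_offenders(reports, now, window=WINDOW, host_trigger=HOST_TRIGGER):
    """Aggregated view: {ip: reporting hosts} for IPs failing on many hosts.

    Distinct hosts are counted, not raw failures, so repeated typos on a
    single machine never reach the trigger.
    """
    seen = defaultdict(set)
    for ts, host, ip in reports:
        if in_window(ts, now, window):
            seen[ip].add(host)
    return {ip: sorted(h) for ip, h in seen.items() if len(h) >= host_trigger}

# Constructed sample reports: (timestamp, reporting host, source IP).
# Addresses are from documentation ranges; host names are made up.
NOW = datetime(2009, 12, 4, 12, 0)
SAMPLE = [
    # one attempt per host, spread over the day: below any local threshold
    (NOW - timedelta(hours=11), "hostA", "203.0.113.7"),
    (NOW - timedelta(hours=9), "hostB", "203.0.113.7"),
    (NOW - timedelta(hours=6), "hostC", "203.0.113.7"),
    (NOW - timedelta(hours=2), "hostD", "203.0.113.7"),
    # a legitimate user mistyping a password on a single host
    (NOW - timedelta(hours=20), "hostA", "198.51.100.20"),
    (NOW - timedelta(hours=3), "hostA", "198.51.100.20"),
    # older than the window, ignored
    (NOW - timedelta(hours=30), "hostB", "198.51.100.20"),
]

if __name__ == "__main__":
    print("per-host blocks:  ", per_host_offenders(SAMPLE, NOW))
    print("aggregated blocks:", distributed_offenders(SAMPLE, NOW))
```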

_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
