12-15-2005, 08:37 PM
rblackwell

Okay, it is so close to Christmas that I'm going to put forward my anti-Dictionary Attack wish. That is, that VShell would handle brute force attacks in a similar way that W2k3 does. W2k3 can be configured such that if it gets x bad logon attempts in y minutes, the account being tried is disabled for z minutes.

VShell would not disable accounts however. Rather it would drop connection requests from offending hosts. Specifically, the administrator would configure VShell such that if it received x bad logon attempts in y minutes, the IP address of the offending host would be blacklisted and connections from it would be denied for z minutes. In this scenario, x and y are integers >= 1 , and z is an integer = -1 or >= 1. If z = -1, the blacklisting would not expire and remain in effect until cleared by an administrator (manually or via some script). Finally, IP addresses/blocks with z value could be manually added by the administrator to the blacklist.

Keeping a permanent blacklist would not be helpful to us (even though I've allowed for it above). We need to provide access world-wide. Besides, the script-kiddies banging on our doors are not coming from the same IP address/block, and IP spoofing is not difficult. Such an approach would be like locking doors that are not going to be tried again. Rather, I believe that throwing up enough speed bumps in front of these tykes will get them to move on to more fertile ground.

So, to answer Kelli's questions from Oct 20:

1. Sure!
2. Yes, please.
3. Goes without saying -- speaks directly to the point!
4. Oh boy! Tar pits! Well, only if you're feeling a wee mischievous, but don't put yourself out on my account.
5. Ummm. Do you mean if the attacker gets the password correct that we can expedite their connection? No, but thanks for asking.

Cheers!
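
The x/y/z rule proposed in the post above, sketched as an added example that is not part of the original post and is not VShell code. The class and method names are hypothetical, and timestamps are assumed to be seconds supplied by the caller.

```python
import ipaddress
from collections import defaultdict, deque

class HostBlacklist:
    """x bad logons within y minutes blocks the source IP for z minutes (z = -1: until cleared)."""

    def __init__(self, x, y, z):
        if x < 1 or y < 1 or not (z == -1 or z >= 1):
            raise ValueError("need x >= 1, y >= 1, and z == -1 or z >= 1")
        self.x, self.window, self.z = x, y * 60, z
        self.failures = defaultdict(deque)   # ip -> timestamps of recent bad logons
        self.blocked = {}                    # network -> expiry time, None = no expiry

    def block(self, target, now, z=None):
        """Blacklist an address or CIDR block; also the administrator's manual entry point."""
        z = self.z if z is None else z
        net = ipaddress.ip_network(target, strict=False)
        self.blocked[net] = None if z == -1 else now + z * 60

    def clear(self, target):
        self.blocked.pop(ipaddress.ip_network(target, strict=False), None)

    def is_blocked(self, ip, now):
        addr = ipaddress.ip_address(ip)
        for net, expiry in list(self.blocked.items()):
            if expiry is not None and now >= expiry:
                del self.blocked[net]        # z minutes have passed
            elif addr.version == net.version and addr in net:
                return True
        return False

    def record_failure(self, ip, now):
        """Register one bad logon; returns True if the host is now blacklisted."""
        q = self.failures[ip]
        q.append(now)
        while q and now - q[0] > self.window:   # drop attempts older than y minutes
            q.popleft()
        if len(q) >= self.x:
            del self.failures[ip]
            self.block(ip, now)
            return True
        return False

if __name__ == "__main__":
    bl = HostBlacklist(x=3, y=5, z=10)          # constructed policy values
    for t in (0, 20, 40):                       # constructed timestamps, in seconds
        bl.record_failure("203.0.113.7", t)
    print(bl.is_blocked("203.0.113.7", 60), bl.is_blocked("203.0.113.7", 640))
```

A server would call `is_blocked` when a connection arrives and `record_failure` after each rejected logon.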