View Single Post
  #2  
Old 10-20-2005, 05:03 PM
kelli.burki's Avatar
kelli.burki kelli.burki is offline
Registered User
 
Join Date: Jan 2004
Location: VanDyke Software
Posts: 33
Making a change to dynamically update the connection filters in the event of a suspected dictionary attack is easier for Windows than it is for UNIX servers. Which platform are you running on?

Also, here are a few other questions that I would love your feedback on if we implemented this (other's please chime in too):

1. Do you want VShell to update / integrate w/ existing filter list?

2. Do you want the dynamic entries to persist across restart?

3. Do you want timeouts or thresholds?

4. Do you want the option to let the attacker think he/she/it is continuing to make progress?

5. Do you want to be able to minimize the effect of the dynamic response on legitimate connections from the attacking IP?

--kelli