|
Making a change to dynamically update the connection filters in the event of a suspected dictionary attack is easier for Windows than it is for UNIX servers. Which platform are you running on?
Also, here are a few other questions that I would love your feedback on if we implemented this (other's please chime in too):
1. Do you want VShell to update / integrate w/ existing filter list?
2. Do you want the dynamic entries to persist across restart?
3. Do you want timeouts or thresholds?
4. Do you want the option to let the attacker think he/she/it is continuing to make progress?
5. Do you want to be able to minimize the effect of the dynamic response on legitimate connections from the attacking IP?
--kelli
|