Illegal access attempt - FreeBSD 5.4 Release - please advise
freebsd-questions at auscert.org.au
freebsd-questions at auscert.org.au
Sun Aug 28 02:28:43 GMT 2005
> if this server was used by 100+ people i would of course not have such a
> harsh security script set up. everyone who uses it has great experience
> and understands the consequences. like i said before, this is usually
> for personal use and has about 12 users total. if this was used to
> manage ssh on something big i would lower the security measures.
>
> hope you can understand some now :)
Certainly. However, given that you are willing to accept (risk?) 5 attempts
at a legitimate account I don't believe there would be any greater risk
in allowing the same for invalid accounts also, given that the likelihood
of gaining access to those is actually less - and it would make your script
simpler, too, whilst preventing the (albeit, unlikely in your situation)
possibility of a DoS to a valid user. To be honest, reversing your logic
somewhat wrt valid/invalid accounts and 1/5 attempts could have merit also.
That said, I'd be interested in seeing how you implement this with swatch
as I'm looking at log parsing solutions in general.
best regards,
-- Joel Hatton --
Security Analyst | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
Qld 4072 Australia | Email: auscert at auscert.org.au
More information about the freebsd-questions
mailing list