Re: brute force protection

You should be aware that any such "protection" makes for an easy DoS attack. If I don't like you, I'll just repeatedly try to log in using your name. The "protection script" kicks in, and you will be denied access later on.

Using an IP number doesn't prevent the DoS attack, as there's little relation between a user and the IP address. I'm typing this from a company with about 50,000 employees - just in this country, a multitude of them worldwide. And they all use a small set of proxies. There isn't even one located in the country I'm typing this in.

Abigail

Comment on Re: brute force protection

Replies are listed 'Best First'.
Re: Re: brute force protection by twerq (Deacon) on Jun 13, 2002 at 14:02 UTC
I think that the goal of the OP was to deny access from a certain IP due to a suspected brute-force password cracker. In which case there is a strong connection between username and IP -- the username is being cracked from a specific IP. In which case, it is wise to block that IP's access for a length of time. Seems to me that blocking specific known malicious IPs is standard, effective firewalling practice. And last, a DoS attack is always easy, and always possible. It's like vandilism in a way. . . but the methods you have described would be foiled by the OP's solution. If you repeatedly try to log in, you will be denied access. Wasn't that the objective? --twerq	[reply]

Replies are listed 'Best First'.

Re: Re: brute force protection
by twerq (Deacon) on Jun 13, 2002 at 14:02 UTC

always

you

[reply]