ssh brute force attacks 3208
Peter T. Breuer I deleted a bunch of Peter's typical red herrings and nit-pickings...
No we are not.
Fine - and he does that by spoofing your IP address and doing failed logins to your target box, which causes the target to block your IP for login attempts. Voila: DOS.
That's the mechanism used to effect the DOS by the person who wants to DOS you. So why do you consider the two different things?
So? Tell that to them, not me!
But they are not trying to - they are DOSing the login service on whatever machine you set up the blocking mechanism via failed logins.
Peter T. Breuer we know for For the umpteenth time, buttuming that the blocking script is stupid enough to add that particular ip...
Eh? What relevance is your home address? And why should they need to know it? They can use every address - maybe your IP address too, if they want. Why wouldn't they? And what do you think is secret about your home address?
Peter T. Breuer introducing just test tomorrow then your has to know you addresses your OK. But...
I don't understand you. Why should you think somebody would attack your web server? Where does it come into the picture? As far as I know you simply have a machine Y on which you block IP addresses which fail to login correctly. Fine - if you login from X, then somebody can DOS you by simply spoofing X and failing to login.
What's the big deal with that simple idea? Where do webservers come into this?
And if they want to find out where you normally log in from (why should they bother?) they simply have to observe you doing a remote login.
I don't understand you - nobody is imagining these special situations. We only know that you have machines Y and X. Y has a blocking mechanism triggered by failed logins. Fine. So we spoof X and fail a login to Y. Hey presto - you're DOSed by your own blocking mechanism.
Peter T. Breuer them is red Ayup. As usual, dear Peter, while I truly respect and admire your intelligence and knowledge, your personality could use a long session...
I don't understand you. What are you on about?
I simply do not know what you are talking about. Or why!
Sure. How else can you tell?
Why would you unblock addresses that have been blocked? What's the point of blocking them if you are going to unblock them every day! Well, I suppose it would give you some relief, but it's not worth it - you still will be DOSed after half an hour again.
For myself, I jealously guard my collection of blocked IPs!
Well, I certainly never allow root login, or su.
No, I am not defending anything! I am simply trying to explain to you that an automatic blocking scheme leads to a DOS vulnerability, something which you seem stubbornly too dense to get, not matter how carefully and how slowly it is explained to you, and no matter how hard your nose is rubbed in actual pictures of it.
Peter
Linux groups from Newsgroups