ssh brute force attacks 3211

Peter T. Breuer

I don't understand why you don't understand what is said to you. It is like meeting somebody who is blind to the colour red, and waving a red flag under his nose, and then hearing him ask where the breeze is coming from.

Read it very carefully:

If he spoofs X AND THEN does some failed pbuttword attempts, yes, your proposed mechanism will lock him out, i.e. lock you out.

What is so difficult to understand?

Sure. Exactly. "What if someone spoofs the IP?". Or as I said:

If he spoofs X AND THEN does some failed pbuttword attempts, yes, your proposed mechanism will lock him out, i.e. lock you out.

Do you see the red flag?

I don't understand what you mean. A DOS attack is not a break-in. It's a denial of service. Plainly, if you can't log in to your own machine, because your lock-out mechanism has been tricked by spoofing into locking you out, then you have been denied your usual service of a login!

What's the conceptual difficulty here?

Nobody. Who cares? If you do, then we can fill your logs. So?

Doesn't matter - you will block it, which is the principal DOS. I merely pointed out that you might well also fill your logs with the notices!

And I also pointed out that you might have to block 2^32 IP addresses, which at say 20 bytes each, would be 32GB, which might also nicely fill your disk, to say nothing of simply preventing you logging in at all by dint of making it take so long to search the denied list that the tcp or login timeout is exceeded at every attempt.

Eh? What?

Because you have a mechanism that adds an IP address to a denied file every time somebody tries to login from that IP address three times, and fails. Fine - we're happy to fill yur list with 2^32 IP addresses. See how you like that!

What can you possibly misunderstand?

Why not? How can you misinterpret what is said to you? There is no trick to it!

Peter