Re: ssh brute force attacks
From: Peter T. Breuer (ptb_at_lab.it.uc3m.es)
Date: 03/21/05
- Next message: Rod Smith: "Re: Recommend an all-in-one printer, copier, scanner?"
- Previous message: Michael Heiming: "Re: ssh brute force attacks"
- In reply to: Tony Lawrence: "Re: ssh brute force attacks"
- Next in thread: Tony Lawrence: "Re: ssh brute force attacks"
- Reply: Tony Lawrence: "Re: ssh brute force attacks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Mon, 21 Mar 2005 00:15:57 +0100
Tony Lawrence <pcunix@gmail.com> wrote:
> Peter T. Breuer wrote:
> > Tony Lawrence <pcunix@gmail.com> wrote:
> > > OK. But that wasn't the question. If somebody wants to DOS me,
> > > there's all kinds of ways to do so, and I don't see why BLOCKING them
> > > creates MORE opportunity.
> >
> > I don't understand why you don't understand what is said to you. It is
> > like meeting somebody who is blind to the colour red, and waving a red
> > flag under his nose, and then hearing him ask where the breeze is
>
> Ayup. As usual, dear Peter, while I truly respect and admire your
> intelligence and knowledge, your personality could use a long session
> with an industrial sander. It seldom fails that you turn abusive when
> someone is struggling to understand you, does it?
??? There is no abuse above. I am describing the situation in words I
hope you can understand. Everyone is saying the same thing to you, and
you act as though you cannot hear or see it!
> Oh, well, that's just the way you are, and your contributions are worth
> it.. I'd rather have them without the abuse, but better that than not
> at all.
What is the abuse! Please try and concentrate - people are saying
things to you and you are not hearing them. Make an effort to look
where you are not looking! There is a red flag being waved below your
nose, and you are wondering where the breeze is coming from. We cannot
make it any more clear!
> > > What was originally said was:
> > >
> > > "Blocking IPs because of failed logins is a nice way introducing
> > > DOS attacks against yourself. What if someone spoofs the IP?"
>
> And that's the question. What if they spoof what IP?
YOUR IP address. The one you normally use.
> My public ?
What on earth do you mean by "my public"? IP addresses are IP
addresses. By definition they are "public", or they wouldn't be any use
to anyone. Try it! There are no secret IP addresses. The full set of
them lies in the range 1 to 2^32-1. Nothing else exists.
If you mean "routable", say "routable", not "public". And note that I
told you that they needed to control your router - but one can get away
without that under some circumstances if one is clever.
And if your IP address is not routable, then what use is it to you? You
can't use it to "log in" anywhere that is of interest to anyone, so
there's no point in DOSing it. You already DOSed it by choosing it
unroutable.
> The script isn't that dumb.
What "script"? There are no scripts here!
> An internal private ip? Neither my router or my machine
> are dumb enough to accept a packet on an interface it shouldn't have
> come from.
I don't know what you mean, but the whole art of spoofing consists of
doing just what you say you will stop. Your machine of course has no
say in the matter - it will see a perfectly ordinary packet.
> Someone else's public IP?
What are you talking about? Look - you have a machine Y that drops IP
addresses X if logins from X fail too often. Fine, so we spoof X,
and thus execute a DOS attack. Your login service is now kaput - it
doesn't accept logins from any X that we used any more! Thus "no
login".
> Yes, as noted, I'll be temporarily denying that innocent person.
That's DOS. And let the innocent person be "you".
> That's not "against yourself", though, but if that's what he meant, great.
Of course it is against yourself! You have an IP address, no? If not,
then what use is your login service to you? None!
> But that can't be the case for someone who has failed login attempts,
> which is where this all started; if you are spoofing an ip, you aren't
> ever going to know whether I ever responded to your login attempt at
> all!
Eh? What on earth do you mean? We ALREADY know that you block X if X
fails a login. That's why we are pointing out that this leaves you open
to a DOS attack.
There's no need to belabour the point!
I can't take any more of this nonsense - rest snipped. Get it, or pass
out.
> So the only case where this makes any sense at all would be that xyz
> tries to login to my machine, fails, attempts the magic number of times
> in the magic time period, and gets locked out.
OH, brilliant, Moriarty. Does it take you THIS long to figure what
everyone is plainly telling you? That's great.
Peter
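The mechanism the thread is arguing about, as an added example that is not code from either poster: a fail2ban-style counter that bans a source address after N failed sshd logins in a window, replayed over constructed OpenSSH-format log lines (addresses from the RFC 5737 documentation ranges, threshold of 3 failures chosen to keep the sample short). It shows the self-DoS Peter describes: once failures appear to come from the operator's own address, the operator is locked out for the ban period. It also shows the two mitigations practitioners normally pair with such blocking, an allowlist of the operator's own addresses (the `ignore_ips` parameter here is my name for it) and a bounded ban time. One caveat worth stating plainly: because SSH runs over TCP, producing a password failure "from" address X requires completing the TCP and SSH handshakes as X, so a purely off-path attacker cannot do it blind; the realistic cases are an on-path attacker, or an attacker that shares X with the victim (same NAT or proxy), which the allowlist does nothing about for third parties, and that is exactly the thread's point.

```python
"""Failed-login IP banning and the self-DoS it creates (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

ADMIN_IP = "192.0.2.10"       # constructed: the address the operator logs in from
ATTACKER_IP = "203.0.113.77"  # constructed
TS_FMT = "%b %d %H:%M:%S"     # syslog timestamp; no year, relative order is enough

# OpenSSH "Failed password" line as written to auth.log
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+(?:\.\d+){3}) port \d+ ssh2$"
)


class FailedLoginBanner:
    """Ban a source IP after max_fails failures inside window; lift it after ban_time."""

    def __init__(self, max_fails=3, window=timedelta(minutes=10),
                 ban_time=timedelta(minutes=10), ignore_ips=()):
        self.max_fails = max_fails
        self.window = window
        self.ban_time = ban_time
        self.ignore_ips = set(ignore_ips)   # never ban these (hypothetical allowlist)
        self.fails = defaultdict(deque)     # ip -> timestamps of recent failures
        self.banned = {}                    # ip -> time the ban expires

    def observe(self, line):
        """Feed one sshd log line; return the IP if this line triggered a ban."""
        m = FAIL_RE.match(line)
        if not m:
            return None
        ip = m["ip"]
        if ip in self.ignore_ips:
            return None
        now = datetime.strptime(m["ts"], TS_FMT)
        recent = self.fails[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:   # drop failures outside window
            recent.popleft()
        if len(recent) >= self.max_fails and ip not in self.banned:
            self.banned[ip] = now + self.ban_time
            return ip
        return None

    def is_banned(self, ip, now):
        expires = self.banned.get(ip)
        if expires is None:
            return False
        if now >= expires:          # bounded ban: the lockout ends by itself
            del self.banned[ip]
            return False
        return True


def make_line(ts, who, ip, port):
    return f"{ts} bastion sshd[4242]: Failed password for {who} from {ip} port {port} ssh2"


# Constructed scenario: the attacker hammers root, then makes three failures appear
# to come from the operator's own address (spoofed source, or a host behind the same NAT).
SAMPLE_LOG = [
    make_line("Mar 21 00:15:57", "root", ATTACKER_IP, 51000),
    make_line("Mar 21 00:15:58", "root", ATTACKER_IP, 51001),
    make_line("Mar 21 00:15:59", "root", ATTACKER_IP, 51002),
    make_line("Mar 21 00:16:10", "invalid user admin", ADMIN_IP, 40001),
    make_line("Mar 21 00:16:11", "invalid user admin", ADMIN_IP, 40002),
    make_line("Mar 21 00:16:12", "invalid user admin", ADMIN_IP, 40003),
    make_line("Mar 21 00:16:20", "root", ATTACKER_IP, 51003),   # already banned, no new ban
]


def run(log_lines, ignore_ips=()):
    """Replay the log; return (IPs banned, in order; whether the operator is locked out at 00:17)."""
    banner = FailedLoginBanner(ignore_ips=ignore_ips)
    bans = [ip for ip in map(banner.observe, log_lines) if ip]
    return bans, banner.is_banned(ADMIN_IP, datetime.strptime("Mar 21 00:17:00", TS_FMT))


def banned_at(log_lines, ip, when, ignore_ips=()):
    """Replay the log and report whether ip is still banned at syslog time `when`."""
    banner = FailedLoginBanner(ignore_ips=ignore_ips)
    for line in log_lines:
        banner.observe(line)
    return banner.is_banned(ip, datetime.strptime(when, TS_FMT))


if __name__ == "__main__":
    print("no allowlist:  ", run(SAMPLE_LOG))                       # operator locked out
    print("with allowlist:", run(SAMPLE_LOG, ignore_ips=[ADMIN_IP]))  # only the attacker banned
```

Note what the allowlist does and does not buy: it protects the addresses you enumerate in advance, nothing else. Anyone else whose address an attacker can borrow (a colleague behind the same NAT, a customer on the same proxy) is still locked out for `ban_time`, which is why the sensible defaults are a short ban rather than a permanent drop, and why per-IP banning is a nuisance reducer rather than a security control on its own.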