In lugnet.admin.general, Todd Lehman writes:
> The objective is to limit the overall throughput of brute force or dictionary
> cracking attempts, so it wouldn't be necessary to delay upon success, and in
> fact delaying upon success (after failure) would make it possible for a
> cracker on a shared HTTP proxy server to DoS other innocent people making
> legitimate requests from the same shared IP address. So not delaying upon
> success, even after failure, prevents DoS on shared proxy servers. :-)
Oh! One other thing, duh. An advantage this has over pure semaphores or
mutexes is that, since it has a sort of "memory" about how many times an IP
address has recently sent a failure, it could easily respond with immediate
403 errors (upon continued failure) to the client after it hit some threshold
of failures, or respond with 'Location:' headers pointing at random IP
addresses elsewhere. ;-)
print "Location: http://@{[join '.', map {int rand 256} (0..3)]}/\n\n";
Yah, I like that.
--Todd
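
The per-address failure "memory" described in this post, sketched as an added example (not code from the post or from LUGNET): failures are remembered per IP, each failure earns a longer delay, a threshold switches the answer to 403, and success is never delayed. Assumptions: the FailureMemory class, its constants, the choice to keep the delay on the 403 path so that crossing the threshold does not make guessing faster (the post says "immediate"), and the choice not to clear history on success.

```python
import time

WINDOW = 600.0      # seconds a failure is remembered (assumed value)
BLOCK_AFTER = 5     # recent failures before 403 replaces 401 (assumed value)
DELAY_STEP = 2.0    # delay added per recent failure, in seconds (assumed value)
MAX_DELAY = 10.0    # cap so a sleeping worker is not held indefinitely (assumed)


class FailureMemory:
    """Per-IP record of recent failed logins (hypothetical helper)."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}          # ip -> list of failure timestamps

    def _recent(self, ip):
        """Drop failures older than WINDOW and return how many remain."""
        cutoff = self.clock() - WINDOW
        kept = [t for t in self.failures.get(ip, []) if t > cutoff]
        if kept:
            self.failures[ip] = kept
        else:
            self.failures.pop(ip, None)   # forget idle addresses
        return len(kept)

    def decide(self, ip, credentials_ok):
        """Return (http_status, delay_seconds) for one login attempt."""
        recent = self._recent(ip)
        if credentials_ok:
            # Success is never delayed, even right after failures, so other
            # users behind the same shared proxy address are not held up.
            # History is kept: one valid login must not reset the counter.
            return 200, 0.0
        self.failures.setdefault(ip, []).append(self.clock())
        delay = min(DELAY_STEP * (recent + 1), MAX_DELAY)
        status = 403 if recent >= BLOCK_AFTER else 401
        return status, delay


if __name__ == "__main__":
    mem = FailureMemory()
    for attempt in range(1, 8):     # constructed sequence of bad guesses
        print(attempt, mem.decide("192.0.2.10", False))
    print("valid login:", mem.decide("192.0.2.10", True))
```

The caller sleeps for the returned delay before sending the response; the addresses used are documentation-range placeholders.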