Subject: 
Re: Password crack detection and slowing (was: Re: LUGNET Memberships)
Newsgroups: 
lugnet.admin.general, lugnet.off-topic.geek
Date: 
Tue, 26 Sep 2000 07:58:19 GMT
In lugnet.admin.general, Todd Lehman writes:
The objective is to limit the overall throughput of brute force or dictionary
cracking attempts, so it wouldn't be necessary to delay upon success, and in
fact delaying upon success (after failure) would make it possible for a
cracker on a shared HTTP proxy server to DoS other innocent people making
legitimate requests from the same shared IP address.  So not delaying upon
success, even after failure, prevents DoS on shared proxy servers.  :-)

Oh!  One other thing, duh.  An advantage this has over pure semaphores or
mutexes is that, since it has a sort of "memory" about how many times an IP
address has recently sent a failure, it could easily respond with immediate
403 errors (upon continued failure) to the client after it hit some threshold
of failures, or respond with 'Location:' headers pointing at random IP
addresses elsewhere.  ;-)

   print "Location: http://@{[join '.', map {int rand 256} (0..3)]}/\n\n";

Yah, I like that.

--Todd
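
A sketch of the per-IP failure memory described in the post above, as an added example that is not part of the original post or LUGNET's code. The class name, the parameters and the doubling delay are assumptions; the addresses and timings are constructed.

```python
import time
from collections import defaultdict, deque


class FailureThrottle:
    """Per-IP memory of recent authentication failures (hypothetical helper)."""

    def __init__(self, window=300.0, threshold=5, base_delay=1.0, max_delay=8.0):
        self.window = window          # seconds a failure is remembered
        self.threshold = threshold    # remembered failures that trigger 403
        self.base_delay = base_delay  # delay after the first failure
        self.max_delay = max_delay    # cap so one request cannot pin a worker
        # Bounded deque: a flood of failures cannot grow memory per address.
        self._failures = defaultdict(lambda: deque(maxlen=threshold))

    def decide(self, ip, auth_ok, now=None):
        """Return (http_status, seconds_to_sleep_before_responding)."""
        if auth_ok:
            # Never delay a success, even after failures: other users behind
            # the same shared proxy address must not be slowed down.
            return 200, 0.0
        now = time.monotonic() if now is None else now
        recent = self._failures[ip]
        while recent and now - recent[0] > self.window:
            recent.popleft()          # forget failures older than the window
        blocked = len(recent) == self.threshold
        recent.append(now)            # continued failure keeps the memory fresh
        if blocked:
            return 403, 0.0           # immediate refusal, no worker tied up
        # Assumption: the delay doubles with each remembered failure.
        return 401, min(self.base_delay * 2 ** (len(recent) - 1), self.max_delay)


if __name__ == "__main__":
    throttle = FailureThrottle(window=60.0, threshold=3)
    # Constructed attempts: (seconds, address, password_was_correct)
    attempts = [(0, "192.0.2.10", False), (1, "192.0.2.10", False),
                (2, "192.0.2.10", True), (3, "192.0.2.10", False),
                (4, "192.0.2.10", False), (100, "192.0.2.10", False)]
    for t, ip, ok in attempts:
        print(t, ip, throttle.decide(ip, ok, now=float(t)))
```

The caller sleeps for the returned delay before sending the response; state here is per process, so a multi-process server would need to keep it in shared storage.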



Message is in Reply To:
  Password crack detection and slowing (was: Re: LUGNET Memberships)
 
(...) I've been thinking about this more tonight, and reading a bit about SysV semaphores, but I don't have experience with them and I'm finding the docs confusing, especially where Perl is concerned. Anyway, upon further reflection, I wonder if (...) (24 years ago, 26-Sep-00, to lugnet.admin.general, lugnet.off-topic.geek)
