Security Basics mailing list archives
Re: Brute force attacks
From: Manuel Arostegui Ramirez <manuel () todo-linux com>
Date: Thu, 31 May 2007 19:46:40 +0200
El Jueves, 31 de Mayo de 2007 14:37, Mohamad Mneimneh escribió:
Hi List, I've been experiencing brute force dictionary attacks from various sources against my gateway. The attacker is trying all kinds of username/password combinations to get in. I have traced the source IP addresses on internet authorities such as Ripe, Arin & Apnic; the feedback I get is that "Country is really world wide". I then traced the IPs using visual route, and saw that their locations vary widely; some of them are in the US, some in China, others in Poland... What are my options in such a case? Have you ever experienced such a behavior? And what are the best practices that apply?
Since you have a server turn on 24x7 that type of attacks are quite common. You should not worry as long as you have good passwords, that's to say, no stupid passwords like "dog" "myname" "qwerty"...basically dictionary ones. However, depending on the service you experimented the attacks to, you might want to set up some sort of program such as fail2ban or just some iptables rules to block that IP, for instance, after 3 or 4 failed login attemps, you know. On the other hand, If you feel like to report the attacker IP to his ISP, just do it, but in my opinion it's quite worthless. So well, don't worry about brutte force attacks they have been and they're gonna be common whether you mind or not. Just define a good password policy for your users (if the scenario is a company you're responsible of)... All the best. Manuel -- Manuel Arostegui Ramirez. Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues.
Current thread:
- Brute force attacks Mohamad Mneimneh (May 31)
- Re: Brute force attacks Ali, Saqib (May 31)
- Message not available
- Re: Brute force attacks Eric Stacey (May 31)
- Message not available
- Re: Brute force attacks David Bergert (May 31)
- Re: Brute force attacks Ali, Saqib (May 31)
- Re: Brute force attacks Manuel Arostegui Ramirez (May 31)
- <Possible follow-ups>
- Re: Brute force attacks krymson (May 31)