Snort mailing list archives
RE: How to block a brut force attack?
From: Anthony Geoffron <anthonyg () passinglane com>
Date: Tue, 7 Aug 2001 17:11:51 -0700
I was wondering if snort actually was able to detect it. It seems like not based on the way this detection pattern has been done. no? -----Original Message----- From: Robert van der Meulen [mailto:rvdm () cistron nl] Sent: Tuesday, August 07, 2001 5:06 PM To: Ramin Alidousti Cc: Anthony Geoffron; snort-users () lists sourceforge net Subject: Re: [Snort-users] How to block a brut force attack? Quoting Ramin Alidousti (ramin () cannon eng us uu net):
Rate limiting, if your fw supports it.
Bad idea; your firewall'd have to rate-limit at a content-level, as requesting lots of files/images at the same time is not the same as hammering on a password validation form, but looks almost the same when you look at the traffic on a lower (TCP/IP instead of HTTP) level. Same goes for users behind proxies, NAT networks, etc etc. If this would've been a console-ish application, the tip would be 'make sure authentication requests are handled more slow, so the hammering person is discouraged'; you can do something like that in a web-based app as well, although it's more work. anyways, this doesn't seem like a question for the snort mailing list; maybe you're better off on the 'secure programming' list on securityfocus ? Greets, Robert -- Linux Generation encrypted mail preferred. finger rvdm () debian org for my GnuPG/PGP key. Nine out of ten men who preferred Camels have switched back to women. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How to block a brut force attack? Anthony Geoffron (Aug 07)
- Re: How to block a brut force attack? Ramin Alidousti (Aug 07)
- Re: How to block a brut force attack? Robert van der Meulen (Aug 07)
- <Possible follow-ups>
- RE: How to block a brut force attack? Anthony Geoffron (Aug 07)
- Snort 1.8 WIN32 Larry E. Smith Jr. (Aug 07)
- Re: How to block a brut force attack? Ramin Alidousti (Aug 07)