Re: Brute force attacks

[Manuel Arostegui Ramirez <manuel () todo-linux com>]

El Jueves, 31 de Mayo de 2007 14:37, Mohamad Mneimneh escribió:
> Hi List,
>
> I've been experiencing brute force dictionary attacks from various
> sources against my gateway. The attacker is trying all kinds of
> username/password combinations to get in.
>
> I have traced the source IP addresses on internet authorities such as
> Ripe, Arin & Apnic; the feedback I get is that "Country is really world
> wide". I then traced the IPs using visual route, and saw that their
> locations vary widely; some of them are in the US, some in China, others
> in Poland...
>
> What are my options in such a case? Have you ever experienced such a
> behavior? And what are the best practices that apply?

Since you have a server turn on 24x7 that type of attacks are quite common.
You should not worry as long as you have good passwords, that's to say, no 
stupid passwords like "dog" "myname" "qwerty"...basically dictionary ones.

However, depending on the service you experimented the attacks to, you might 
want to set up some sort of program such as fail2ban or just some iptables 
rules to block that IP, for instance, after 3 or 4 failed login attemps, you 
know.

On the other hand, If you feel like to report the attacker IP to his ISP, just 
do it, but in my opinion it's quite worthless.

So well, don't worry about brutte force attacks they have been and they're 
gonna be common whether you mind or not. Just define a good password policy 
for your users (if the scenario is a company you're responsible of)...

All the best.
Manuel

-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.