Snort mailing list archives
Re: How to block a brut force attack?
From: Robert van der Meulen <rvdm () cistron nl>
Date: Wed, 8 Aug 2001 02:05:35 +0200
Quoting Ramin Alidousti (ramin () cannon eng us uu net):
Rate limiting, if your fw supports it.
Bad idea; your firewall'd have to rate-limit at a content-level, as requesting lots of files/images at the same time is not the same as hammering on a password validation form, but looks almost the same when you look at the traffic on a lower (TCP/IP instead of HTTP) level. Same goes for users behind proxies, NAT networks, etc etc. If this would've been a console-ish application, the tip would be 'make sure authentication requests are handled more slow, so the hammering person is discouraged'; you can do something like that in a web-based app as well, although it's more work. anyways, this doesn't seem like a question for the snort mailing list; maybe you're better off on the 'secure programming' list on securityfocus ? Greets, Robert -- Linux Generation encrypted mail preferred. finger rvdm () debian org for my GnuPG/PGP key. Nine out of ten men who preferred Camels have switched back to women. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How to block a brut force attack? Anthony Geoffron (Aug 07)
- Re: How to block a brut force attack? Ramin Alidousti (Aug 07)
- Re: How to block a brut force attack? Robert van der Meulen (Aug 07)
- <Possible follow-ups>
- RE: How to block a brut force attack? Anthony Geoffron (Aug 07)
- Snort 1.8 WIN32 Larry E. Smith Jr. (Aug 07)
- Re: How to block a brut force attack? Ramin Alidousti (Aug 07)