Re: How to block a brut force attack?

[Robert van der Meulen <rvdm () cistron nl>]

Quoting Ramin Alidousti (ramin () cannon eng us uu net):
> Rate limiting, if your fw supports it.
Bad idea; your firewall'd have to rate-limit at a content-level, as
requesting lots of files/images at the same time is not the same as
hammering on a password validation form, but looks almost the same when you
look at the traffic on a lower (TCP/IP instead of HTTP) level.
Same goes for users behind proxies, NAT networks, etc etc.

If this would've been a console-ish application, the tip would be 'make sure
authentication requests are handled more slow, so the hammering person is
discouraged'; you can do something like that in a web-based app as well,
although it's more work.

anyways, this doesn't seem like a question for the snort mailing list; maybe
you're better off on the 'secure programming' list on securityfocus ?

Greets,
        Robert 
-- 
                              Linux Generation
   encrypted mail preferred. finger rvdm () debian org for my GnuPG/PGP key.
   Nine out of ten men who preferred Camels have switched back to women.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users