The script kiddies have apparently figured out that we use some time-window sensitivity in our adaptive filtering. From sshd, I've been seeing "reverse mapping checking getaddrinfo ... failed" and from ftpd (when I have the port open at all, which is rare), I am seeing probes at about 27 second intervals. This stays well below the 3/30 (three connections in 30 seconds) sensitivity that I had been using. It took them nearly two and a half hours to make 154 attempts, but computers are very patient.
I have now changed the timing window sensitivity, but it's to the point now where there's a significant probability that someone could lock themselves out (temporarily, at least, I do clear these tables periodically) if they are having a bit of a fat-finger moment with their password. Anybody got any superior suggestions?

-- 
John Lind [email protected]
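The timing problem described in the post, as an added example that is not part of the original message: probes spaced 27 seconds apart never put three connections inside a 30-second window, a tightened short window also trips on a slow-typing user, and a second rule with a long window catches the slow prober without touching that user. The addresses, timestamps and the 3/90 and 20/3600 thresholds are constructed assumptions; only 3/30 and the 27-second spacing come from the post.

```python
from collections import defaultdict, deque

def offenders(events, limit, window):
    """Return {src: attempt_number_that_tripped} for every source that makes
    `limit` or more connections inside any `window`-second span."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    seen = defaultdict(int)       # per-source running attempt count
    tripped = {}
    for ts, src in sorted(events):
        seen[src] += 1
        q = recent[src]
        q.append(ts)
        while q[0] <= ts - window:    # drop attempts that aged out of the window
            q.popleft()
        if len(q) >= limit and src not in tripped:
            tripped[src] = seen[src]
    return tripped

# Constructed sample data (documentation address ranges, not real hosts).
PROBER = "192.0.2.10"      # 154 attempts, one every 27 seconds
USER = "198.51.100.7"      # three password tries spread over a minute
EVENTS = [(27 * i, PROBER) for i in range(154)]
EVENTS += [(t, USER) for t in (1000, 1025, 1060)]

# name -> (limit, window in seconds); only 3/30 is taken from the post.
RULES = {
    "3/30": (3, 30),         # original burst rule
    "3/90": (3, 90),         # hypothetical tightened burst rule
    "20/3600": (20, 3600),   # hypothetical long-window rule for slow probes
}

def compare(events):
    """Evaluate every rule against the same event stream."""
    return {name: offenders(events, limit, window)
            for name, (limit, window) in RULES.items()}

if __name__ == "__main__":
    for name, hits in compare(EVENTS).items():
        print(f"{name:>8}: {hits or 'nobody blocked'}")
```

Running the short burst rule and the long-window rule side by side keeps the fast-scan protection while leaving room for a few mistyped passwords.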
