3 Oct
2009
3 Oct
'09
18:19
Hi! Am Samstag 03 Oktober 2009 18:56:23 schrieb Per Jessen:
Carlos E. R. wrote:
On Saturday, 2009-10-03 at 18:36 +0200, Per Jessen wrote:
Yeah, I have similar rules on all of my systems, but like I said, this attack appears to be specifically designed to circumvent that type of protection.
The defense would have to be collaborative. Machines being attacked would have to report the IPs the attacks seem to come from to a central server, which would distribute the data to the protected "clients", who would then block the entire list.
Yeah, it's a possibility, but it's certainly a lot less effort to use challenge-response or an alternate port.
Something like that already exists in denyhosts. Regards, Matthias -- Matthias Bach http://www.marix.org