DragonFly BSD
DragonFly users List (threaded) for 2010-03

Re: Security process


From: Walter <walter@xxxxxxx>
Date: Tue, 09 Mar 2010 12:16:30 -0500

Aggelos Economopoulos wrote:
Walter wrote:
I got curious about BSD (DragonFly, specifically) security and
wondered why there wasn't a security process that processed all
security-relevant error messages which could then be used to
block IPs, disable user accounts, and kill processes.

Because a) such a mechanism could be used for DoS attacks on the system itself b) whether an error message is "security-relevant" is not something one can decide with a trivial heuristic c) most network services are 3rd-party software that we have no control over d)...

I don't understand how blocking an IP that has had a hundred failed login attempts in the last ten minutes could create a DoS hole...

What if someone hacked an account and started trying
to gain root access?  Aren't there ways to tell you've
got a hacker online before he/she compromises your
system?  It seems like a good thing to know.  Yet, as
I must admit, I have no idea what tools are in place
which might be used to gauge this.  The heuristics may
not be trivial, but could be developed... I was just
wondering why no one had tried it.

At least
it'd be a step to automating *some* obvious security measures
rather than requiring root action.  Things like repeated login
failures from external (as in China) IPs.  Anyone?

"External" to what? FYI people in China are potential users of DragonFlyBSD (or indeed any free software project) as much as those in any other country. Some have even been known to be important developers...

No offense meant to China. It just happened that a few weeks ago I needed to grant FTP access to an outside user, and in an hour I had one of those 'bots' trying to gain access to my computer - the IP resolved to China. It was just an example.

I just thought that I'd like a tool that once I got some
definable failed login attempts that I'd like the computer
to automatically shunt the source IP for a while.
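
The kind of tool asked for in this message, sketched as an added example that is not part of the original post or of DragonFly BSD: a sliding-window counter that blocks a source for a limited time and never blocks an allowlisted network, which bounds the lockout risk raised in the quoted reply. The hundred-failures-in-ten-minutes threshold comes from the message; the 30-minute block, the allowlisted network, the log line format and all names are assumptions, the sample log is constructed, and the code only decides which sources to block (applying the block is left to the firewall).

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 100                    # from the message: a hundred failures...
WINDOW = timedelta(minutes=10)        # ...in the last ten minutes
BLOCK_FOR = timedelta(minutes=30)     # assumed length of "a while"
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/24")]  # assumed admin network

class FailedLoginTracker:
    def __init__(self):
        self.failures = defaultdict(deque)  # source IP -> failure times in window
        self.blocked_until = {}             # source IP -> time the block expires

    def is_blocked(self, src, now):
        return self.blocked_until.get(src, now) > now   # lapses at expiry

    def record_failure(self, src, when):
        """Count one failure; return True if it causes src to be blocked."""
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in NEVER_BLOCK) or self.is_blocked(src, when):
            return False
        times = self.failures[src]
        times.append(when)
        while when - times[0] > WINDOW:     # forget failures outside the window
            times.popleft()
        if len(times) < MAX_FAILURES:
            return False
        self.blocked_until[src] = when + BLOCK_FOR
        del self.failures[src]
        return True

def parse_line(line):
    """Parse 'ISO-time FAILED_LOGIN src=IP' (constructed format, not a real daemon's)."""
    parts = line.split()
    if len(parts) != 3 or parts[1] != "FAILED_LOGIN" or not parts[2].startswith("src="):
        return None
    return datetime.fromisoformat(parts[0]), parts[2][4:]

def blocked_sources(lines):
    """Feed log lines through a fresh tracker; return the sources that got blocked."""
    tracker = FailedLoginTracker()
    events = filter(None, map(parse_line, lines))
    return [src for when, src in events if tracker.record_failure(src, when)]

# Constructed sample log: one failure per second from each of three sources.
COUNTS = {"203.0.113.7": 120, "198.51.100.9": 5, "192.0.2.10": 150}
SAMPLE = [f"2010-03-09T12:{i // 60:02d}:{i % 60:02d} FAILED_LOGIN src={ip}"
          for ip, n in COUNTS.items() for i in range(n)]
```

On the sample, only 203.0.113.7 is blocked: 198.51.100.9 stays under the threshold and 192.0.2.10 is inside the allowlisted network.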


