[CentOS] Paranoid Firewalling

Tue Sep 6 21:04:34 UTC 2005
Alex White <ethericalzen at gmail.com>

Kirk Bocek wrote:
> Scot L. Harris wrote:
> 
>> Actually this won't reduce any bandwidth to your server.  The probes
>> still hit that address, you are just blocking those packets in iptables
>> from being able to get any further.
> 
> 
> Are you saying that the single connect-and-drop that this scheme 
> introduces is going to use the same bandwidth as a brute-force password 
> attack on hundreds of login names?
<snipped>

Question, because I am not sure. Wouldn't the script that is being 
run have to be intelligent enough to move to the next machine 
without exhausting its attempts at guessing passwords in order for 
your firewalling scheme to effectively reduce bandwidth?

What I mean is, the script attempts to connect and try a password. 
It doesn't get a response so it assumes that the machine simply 
returned a login denied and tries again. It may try this several 
times per username (depending on the script). If that's the case, as 
it's not actually bothering to keep track of success of connection 
you're getting the same amount of connects as previously. Is that 
not true?

Now granted the above scenario is assuming a truly brain dead 
script, but they aren't all that much more sophisticated than that (some 
of them).

Curious,

Alex