On Tue, 13 Sep 2011 20:17:11 +0100, Orchid XP v8 wrote:
> On 13/09/2011 08:03 PM, Jim Henderson wrote:
>> On Tue, 13 Sep 2011 19:53:17 +0100, Orchid XP v8 wrote:
>>
>>> I still think the main problem is that to allow somebody to send you
>>> data, you have to figure out how to prevent anybody *else* sending you
>>> data.
>>
>> No, that's easy. It's called "authentication and authorisation".
>
> Ah, I see.
>
> So how do you prevent somebody connecting to your server a thousand
> times per second and feeding it duff credentials, thereby preventing any
> legitimate users logging in, and wasting lots of CPU power?

On my system, I use a tool called blockhosts. After 5 failed attempts,
the portmapper won't allow them to connect to the service any more -
which slows them down (because it doesn't send an ack) and allows legit
users to login - even on the same port/service - and doesn't waste any
CPU power at all.

> See, security isn't so simple...

It is when you know what tools are available to use. That's different
than "security is hard".

Jim
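
The threshold blocking described in the post above, as an added example that is not part of the original thread and not blockhosts' own code. It counts failed sshd logins per source address over constructed log lines and emits TCP Wrappers `hosts.deny` entries; the 10-minute window, the OpenSSH-style log format, the deny-file output and the function names are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                    # failed attempts before blocking (figure from the post)
WINDOW = timedelta(minutes=10)   # assumption: only failures this recent are counted

# Constructed sample in OpenSSH syslog style; addresses are documentation ranges.
SAMPLE_LOG = """\
Sep 13 08:00:01 host sshd[700]: Failed password for invalid user admin from 192.0.2.9 port 51000 ssh2
Sep 13 08:00:02 host sshd[701]: Failed password for invalid user admin from 192.0.2.9 port 51001 ssh2
Sep 13 08:00:03 host sshd[702]: Failed password for invalid user test from 192.0.2.9 port 51002 ssh2
Sep 13 08:00:04 host sshd[703]: Failed password for root from 192.0.2.9 port 51003 ssh2
Sep 13 20:17:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40001 ssh2
Sep 13 20:17:02 host sshd[812]: Failed password for root from 203.0.113.7 port 40002 ssh2
Sep 13 20:17:03 host sshd[813]: Failed password for root from 203.0.113.7 port 40003 ssh2
Sep 13 20:17:04 host sshd[814]: Failed password for root from 203.0.113.7 port 40004 ssh2
Sep 13 20:17:05 host sshd[815]: Failed password for root from 203.0.113.7 port 40005 ssh2
Sep 13 20:18:10 host sshd[820]: Failed password for alice from 198.51.100.4 port 52000 ssh2
Sep 13 20:18:15 host sshd[821]: Accepted password for alice from 198.51.100.4 port 52001 ssh2
Sep 13 20:30:00 host sshd[830]: Failed password for root from 192.0.2.9 port 51004 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<addr>\S+) port \d+")

def hosts_to_block(log_text, threshold=THRESHOLD, window=WINDOW):
    """Return source addresses with >= threshold failures inside one window."""
    recent = defaultdict(deque)  # address -> timestamps of recent failures
    blocked = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue             # successful logins and unrelated lines are ignored
        times = recent[m["addr"]]
        times.append(datetime.strptime(m["ts"], "%b %d %H:%M:%S"))
        while times[-1] - times[0] > window:
            times.popleft()      # age out failures older than the window
        if len(times) >= threshold and m["addr"] not in blocked:
            blocked.append(m["addr"])
    return blocked

def deny_lines(addresses, daemon="sshd"):
    """Format addresses as hosts.deny entries (daemon_list : client_list)."""
    return [f"{daemon}: {a}" for a in addresses]

if __name__ == "__main__":
    print("\n".join(deny_lines(hosts_to_block(SAMPLE_LOG))))
```

Only the address with five failures inside one window is listed; the user who mistyped once and the source whose fifth failure arrives hours after the first four stay under the threshold.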