|
|
Sponsored Content
Special Forums
Cybersecurity
Network attack - so what?
Post 302384667 by sysgate on Wednesday 6th of January 2010 04:34:45 AM
01-06-2010
|
|
7 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
since putting my pc online, it keeps getting slower and i dig the logfile to have such a surprise:
this is just one of a many and I beleived it's a bruteforce attack
how do i block this IP 200.41.81.228 from trying to knock my online pc?
my system:
FreeBSD testing.net 6.2-STABLE-JE... (6 Replies)
Discussion started by: rdns
6 Replies
2. Cybersecurity
REPLAY ATTACK.
Can some one elobrate on measures to encounter this problem of replay atack on network. (3 Replies)
Discussion started by: Ashvin Gaur
3 Replies
3. IP Networking
A server I host is having very rare glitches where a file the user downloads will have incorrect contents. This almost never happens when I am looking, I caught it once and only once -- a user messaged me saying his antivirus had given him a warning about an image file downloaded from his... (2 Replies)
Discussion started by: Corona688
2 Replies
4. Cybersecurity
About 3 days ago our Apache logs started filling with the following errors:
mod_ssl: SSL handshake failed (server <weberver>:443, client 41.235.234.172) (OpenSSL library error follows)
OpenSSL: error:1408A0B7:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers specified
These initially were... (1 Reply)
Discussion started by: ccj4467
1 Replies
5. Cybersecurity
Hi,
I have a belkin router installed and a look at the security log has got me worried a little bit.
Security log:
Fri Jan 29 20:41:46 2010
=>Found attack from 68.147.232.199.
Source port is 58591 and destination port is 12426 which use the TCP protocol.
Fri Jan 29 20:41:46 2010 ... (1 Reply)
Discussion started by: jld
1 Replies
6. Cybersecurity
Is this an attack attempt? I got an e-mail from 'uucp Admin' last night and again this morning:
What does it mean and what can I do about it? Thanks (4 Replies)
Discussion started by: ctafret
4 Replies
7. Emergency UNIX and Linux Support
Dear community,
my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql.
I identified the IPs who attack me and block it through iptable firewall from debian.
Something like:
iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP
This... (7 Replies)
Discussion started by: Lord Spectre
7 Replies
LEARN ABOUT REDHAT
pam_fail_delay
PAM_FAIL_DELAY(3) Programmers' Manual PAM_FAIL_DELAY(3) NAME
pam_fail_delay - request a delay on failure SYNOPSIS
#include <security/pam_appl.h> or, #include <security/pam_modules.h> int pam_fail_delay(pam_handle_t *pamh, unsigned int usec); DESCRIPTION
It is often possible to attack an authentication scheme by exploiting the time it takes the scheme to deny access to an applicant user. In cases of short timeouts, it may prove possible to attempt a brute force dictionary attack -- with an automated process, the attacker tries all possible passwords to gain access to the system. In other cases, where individual failures can take measurable amounts of time (indi- cating the nature of the failure), an attacker can obtain useful information about the authentication process. These latter attacks make use of procedural delays that constitute a covert channel of useful information. To minimize the effectiveness of such attacks, it is desirable to introduce a random delay in a failed authentication process. Linux-PAM provides such a facility. The delay occurs upon failure of the pam_authenticate(3) and pam_chauthtok(3) functions. It occurs after all authentication modules have been called, but before control is returned to the service application. The function, pam_fail_delay(3), is used to specify a required minimum for the length of the failure-delay; the usec argument. This func- tion can be called by the service application and/or the authentication modules, both may have an interest in delaying a reapplication for service by the user. The length of the delay is computed at the time it is required. Its length is pseudo-gausianly distributed about the maximum requested value; the resultant delay will differ by as much as 25% of this maximum requested value (both up and down). On return from pam_authenticate(3) or pam_chauthtok(3), independent of success or failure, the new requested delay is reset to its default value: zero. EXAMPLE
For example, a login application may require a failure delay of roughly 3 seconds. It will contain the following code: pam_fail_delay(pamh, 3000000 /* micro-seconds */ ); pam_authenticate(pamh, 0); if the modules do not request a delay, the failure delay will be between 2.25 and 3.75 seconds. However, the modules, invoked in the authentication process, may also request delays: (module #1) pam_fail_delay(pamh, 2000000); (module #2) pam_fail_delay(pamh, 4000000); in this case, it is the largest requested value that is used to compute the actual failed delay: here between 3 and 5 seconds. RETURN VALUE
Following a successful call to pam_fail_delay(3), PAM_SUCCESS is returned. All other returns should be considered serious failures. ERRORS
May be translated to text with pam_strerror(3). CONFORMING TO
Under consideration by the X/Open group for future inclusion in the PAM RFC. 1996/1/10 BUGS
none known. SEE ALSO
pam_start(3), pam_get_item(3) and pam_strerror(3). Also, see the three Linux-PAM Guides, for System administrators, module developers, and application developers. Linux-PAM 0.56 1997 Jan 12 PAM_FAIL_DELAY(3)