Re: PAM tarpit module for repeated SSH login attempts

To: debian-security@lists.debian.org
Subject: Re: PAM tarpit module for repeated SSH login attempts
From: Martin Reising <martin.reising@natural-computing.de>
Date: Wed, 20 Oct 2004 13:27:36 +0200
Message-id: <[🔎] 20041020112736.GA2359@union.natural-computing.de>
Mail-followup-to: mreising@murphy.debian.org, debian-security@lists.debian.org
In-reply-to: <[🔎] 20041020095007.GA23486@cirrus.madduck.net>
References: <[🔎] 4175B52A.5040504@princeton.edu> <[🔎] 20041020095007.GA23486@cirrus.madduck.net>

On Wed, Oct 20, 2004 at 11:50:07AM +0200, martin f krafft wrote:
> For a tarpit, the best thing to do would be simply to drop the
> connection without sending a FIN or RST packet. I don't know if PAM
> can do this.
> 
> Otherwise, just hold the connection open for several minutes and do
> nothing. After that time, send a RST or just drop it from the table.

AFAIK PAM is designed do return a single value like PAM_SUCCESS or
PAM_XXX_ERR, so the above isn't anything to deal with PAM.

-- 
Martin Reising			mailaddress see header
natural computing GmbH		http://www.natural-computing.de/
Martener Str. 535 		Phone: +49 231 6104850 
44379 Dortmund			Fax:   +49 231 6104840

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: PAM tarpit module for repeated SSH login attempts
  - From: Michael Stone <mstone@debian.org>

References:
- Re: PAM tarpit module for repeated SSH login attempts
  - From: "Kevin B. McCarty" <kmccarty@Princeton.EDU>
- Re: PAM tarpit module for repeated SSH login attempts
  - From: martin f krafft <madduck@debian.org>

Prev by Date: Re: PAM tarpit module for repeated SSH login attempts
Next by Date: Re: PAM tarpit module for repeated SSH login attempts
Previous by thread: Re: PAM tarpit module for repeated SSH login attempts
Next by thread: Re: PAM tarpit module for repeated SSH login attempts
Index(es):
- Date
- Thread