Subject Re: [Firebird-Architect] RC4
Author Jim Starkey
On 11/18/2010 11:33 AM, Alex Peshkoff wrote:
>>>> 4. The server decrypts the session key and uses it for subsequent
>>>> communication (RC4 by default)
>>>> The server will stop responding to an account after n successive
>>>> failures for an account for progressively increasing time to thwart
>>>> dictionary attacks.
>>> Taking into account IPs having too many failures is also useful.
>> Good point, but it doesn't help against a distributed dictionary attack.
> Yes, but taking into account only the username does not help if an attacker
> wants to crack any name, not only a particular one. Certainly, against a
> distributed attack on any users, not one particular, nothing of this
> helps - but on Firebird I prefer to check both logins and IPs. And as a
> last measure - if the total of failed login attempts (for different users,
> from different IPs) becomes too big, I delay all logins (certainly not
> progressively) for some amount of time.

I understand the logic, but doesn't that encourage distributed denial of
service attacks? All they have to do is throw a bunch of random
connections and the database shuts down...

I think a better approach would be to start waving red flags at humans
telling them that the system is under attack and let them figure out
what to do.

Jim Starkey
Founder, NimbusDB, Inc.
978 526-1376
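As an added illustration of the trade-off argued in this thread (not Firebird code, and not anything either participant posted), the sketch below throttles failed logins per account with a progressively increasing delay, counts failures per source IP separately, and, once the aggregate failure count crosses a threshold, raises an alert for a human rather than delaying all logins. The class name, thresholds, the 1 s base delay with doubling, the 300 s cap, and the sample account names and addresses are all assumptions constructed for the example.

```python
"""Login-failure throttle sketch: per-account progressive backoff, per-IP
counting, and a global alert instead of a global lockout.
Added example with assumed thresholds; not Firebird's implementation."""
from collections import defaultdict


class LoginThrottle:
    def __init__(self, account_threshold=3, ip_threshold=10,
                 base_delay=1.0, max_delay=300.0, global_alert_threshold=50):
        self.account_threshold = account_threshold
        self.ip_threshold = ip_threshold
        self.base_delay = base_delay            # seconds, assumed
        self.max_delay = max_delay              # cap so the delay stays bounded
        self.global_alert_threshold = global_alert_threshold
        self.account_failures = defaultdict(int)
        self.ip_failures = defaultdict(int)
        self.account_blocked_until = {}         # account -> timestamp
        self.ip_blocked_until = {}              # ip -> timestamp
        self.total_failures = 0
        self.alerts = []                        # messages for a human operator

    def _backoff(self, failures, threshold):
        # No delay until the threshold is reached; then 1, 2, 4, ... seconds,
        # capped at max_delay.
        excess = failures - threshold
        if excess < 0:
            return 0.0
        return min(self.base_delay * (2 ** excess), self.max_delay)

    def check(self, account, ip, now):
        """Return (allowed, reason). Only the named account and the source IP
        can refuse a login; failures elsewhere never block this pair, so a
        flood of junk connections cannot shut the server down."""
        if self.account_blocked_until.get(account, 0.0) > now:
            return False, "account backoff"
        if self.ip_blocked_until.get(ip, 0.0) > now:
            return False, "ip backoff"
        return True, "ok"

    def record_failure(self, account, ip, now):
        self.account_failures[account] += 1
        self.ip_failures[ip] += 1
        self.total_failures += 1
        delay = self._backoff(self.account_failures[account], self.account_threshold)
        if delay:
            self.account_blocked_until[account] = now + delay
        delay = self._backoff(self.ip_failures[ip], self.ip_threshold)
        if delay:
            self.ip_blocked_until[ip] = now + delay
        # Aggregate failures raise a red flag for humans; they do not lock anyone out.
        if self.total_failures >= self.global_alert_threshold and not self.alerts:
            self.alerts.append(
                f"{self.total_failures} failed logins across accounts/IPs at t={now}")

    def record_success(self, account, ip):
        # A correct password clears the account's counter; the IP counter is kept.
        self.account_failures.pop(account, None)
        self.account_blocked_until.pop(account, None)


def account_backoff_schedule(failures=6):
    """Delay imposed on one account after each successive failure."""
    t = LoginThrottle()
    delays = []
    for _ in range(failures):
        t.record_failure("bob", "192.0.2.10", now=0.0)     # constructed sample
        delays.append(t.account_blocked_until.get("bob", 0.0) - 0.0)
    return delays


def simulate_distributed_attack(n_sources=60):
    """Constructed scenario: n distinct IPs each make one bad guess against a
    different account. A legitimate, unrelated login must still be allowed,
    while the aggregate count produces exactly one alert."""
    t = LoginThrottle()
    for k in range(n_sources):
        t.record_failure(f"user{k:03d}", f"203.0.113.{k}", now=float(k))
    allowed, _ = t.check("alice", "198.51.100.7", now=float(n_sources))
    return allowed, len(t.alerts), t.total_failures


if __name__ == "__main__":
    print("per-account delays:", account_backoff_schedule())
    print("distributed attack:", simulate_distributed_attack())
```

The key design choice is that the aggregate counter only feeds the alert list: it never changes what `check` returns for an unrelated account and address, which is exactly the property a global delay gives up.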