Subject Re: [Firebird-Architect] RC4
Author Alex Peshkoff
On 11/18/10 19:47, Jim Starkey wrote:
> On 11/18/2010 11:33 AM, Alex Peshkoff wrote:
>>>>> 4. The server decrypts the session key and uses it for subsequent
>>>>> communication (RC4 by default)
>>>>>
>>>>> The server will stop responding to an account after n successive
>>>>> failures for an account for progressively increasing time to thwart
>>>>> dictionary attacks.
>>>>>
>>>> Taking into account IPs having too many failures is also useful.
>>> Good point, but it doesn't help against a distributed dictionary attack.
>> Yes, but taking into account only the username does not help if the attacker
>> wants to crack any name, not only a particular one. Certainly, against a
>> distributed attack on any users, not one particular, nothing of this
>> helps - but on firebird I prefer to check both logins and IPs. And as a
>> last measure - if the total of failed login attempts (for different users,
>> from different IPs) becomes too big, I delay all logins (certainly not
>> progressively) for some amount of time.
>>
> I understand the logic, but doesn't that encourage distributed denial of
> service attacks? All they have to do is throw a bunch of random
> connections and the database shuts down...
>
> I think a better approach would be to start waving red flags at humans
> telling them that the system is under attack and let them figure out
> what to do.

As a 'red flag', firebird.log is used. What about DoS - yes, it's a kind
of one, but I don't delay progressively, i.e. each login is denied for 5
seconds. That's not very convenient, but this is far from a DoS.
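The three throttling policies discussed in this thread side by side (progressive per-account delay, a per-IP limit, and a fixed, non-progressive delay on all logins once the total of failures gets too big, with the 'red flag' recorded as an alert), as an added illustration that is not Firebird's code; every threshold and delay below is an assumed value:

```python
from collections import defaultdict, deque


class LoginThrottle:
    """Per-account progressive delay + per-IP lockout + fixed global delay.
    Limits, window and delays are assumed values, not Firebird's settings."""

    def __init__(self, account_limit=3, ip_limit=10, global_limit=100,
                 window=60.0, max_delay=300.0, global_delay=5.0):
        self.account_limit, self.ip_limit = account_limit, ip_limit
        self.global_limit, self.window = global_limit, window
        self.max_delay, self.global_delay = max_delay, global_delay
        self.account_fail = defaultdict(int)  # successive failures per account
        self.ip_fail = defaultdict(int)       # successive failures per IP
        self.blocked_until = {}               # ("acct"|"ip", key) -> expiry time
        self.recent = deque()                 # timestamps of all failures (global)
        self.global_until = 0.0               # expiry of the fixed global delay
        self.alerts = []                      # the 'red flag' lines for the log

    def delay_for(self, account, ip, now):
        """Seconds the caller must wait before this attempt is processed; 0 = go."""
        waits = [self.blocked_until.get(k, 0.0) - now
                 for k in (("acct", account), ("ip", ip))]
        waits.append(self.global_until - now)
        return max(0.0, max(waits))

    def record_failure(self, account, ip, now):
        self.account_fail[account] += 1
        self.ip_fail[ip] += 1
        over = self.account_fail[account] - self.account_limit
        if over >= 0:  # progressive: 1s, 2s, 4s ... capped at max_delay
            self.blocked_until[("acct", account)] = now + min(self.max_delay, 2.0 ** over)
        if self.ip_fail[ip] >= self.ip_limit:
            self.blocked_until[("ip", ip)] = now + self.max_delay
        # global counter over a sliding window; the delay it triggers is fixed
        self.recent.append(now)
        while self.recent and now - self.recent[0] > self.window:
            self.recent.popleft()
        if len(self.recent) >= self.global_limit:
            self.global_until = now + self.global_delay
            self.alerts.append(f"{now:.0f}: {len(self.recent)} failed logins in "
                               f"{self.window:.0f}s; delaying all logins {self.global_delay:.0f}s")

    def record_success(self, account, ip):
        """A good login clears the successive-failure state for that account and IP."""
        self.account_fail.pop(account, None)
        self.ip_fail.pop(ip, None)
        self.blocked_until.pop(("acct", account), None)
        self.blocked_until.pop(("ip", ip), None)
```

Note that the global delay expires after a fixed 5 seconds regardless of how many further failures arrive, which is the point made in the last message: a flood slows every login down, but it does not shut the server off.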