Re: Safe bruteforce rule for mobile-friendly website

2013-02-08 Thread Mikkel Bang
So is there any point in having bruteforce for httpd? Especially now that mobile is the future? Mikkel 2013/2/7 Mikkel Bang facebookman...@gmail.com I forget if mobiles do more prefetching on dns and/or tcp on mobiles but perhaps that's worth considering as a culprit. My God Kevin,

Re: Safe bruteforce rule for mobile-friendly website

2013-02-07 Thread Mikkel Bang
Thanks guys! I had to disable it as soon as I found out so the relevant logs are probably too far up the buffer, but I'll set up a test server ASAP and study the tcpdump in detail. Somehow your mobiles hit either the fifteen new connections per five seconds max (that's only three new

Re: Safe bruteforce rule for mobile-friendly website

2013-02-07 Thread Kevin Chadwick
I had to disable it as soon as I found out so the relevant logs are probably too far up the buffer, but I'll set up a test server ASAP and study the tcpdump in detail. I forget if mobiles do more prefetching on dns and/or tcp on mobiles but perhaps that's worth considering as a culprit. Does

Re: Safe bruteforce rule for mobile-friendly website

2013-02-07 Thread Mikkel Bang
I forget if mobiles do more prefetching on dns and/or tcp on mobiles but perhaps that's worth considering as a culprit. My God Kevin, that's gotta be it! Does the page have more than 15 links? Yep, like 16-17 or so :) Mikkel 2013/2/7 Kevin Chadwick ma1l1i...@yahoo.co.uk I had to

Safe bruteforce rule for mobile-friendly website

2013-02-06 Thread Mikkel Bang
Hi, Turns out this (http://home.nuug.no/~peter/pf/en/long-firewall.html) bans any IP connecting from mobile devices:
    pass in on $ext_if inet proto tcp from any to any port 80 keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush global)
Works fine when connecting from

Re: Safe bruteforce rule for mobile-friendly website

2013-02-06 Thread Michał Markowski
2013/2/6 Mikkel Bang facebookman...@gmail.com: Works fine when connecting from regular PCs though. Why is that? Do mobile devices connect differently somehow? Start in /var/log, I suppose. -- Michał Markowski

Re: Safe bruteforce rule for mobile-friendly website

2013-02-06 Thread Jan Stary
On Feb 06 21:52:20, facebookman...@gmail.com wrote: Hi, Turns out this (http://home.nuug.no/~peter/pf/en/long-firewall.html) bans any IP connecting from mobile devices: pass in on $ext_if inet proto tcp from any to any port 80 keep state (max-src-conn 100, max-src-conn-rate 15/5, overload

Re: Safe bruteforce rule for mobile-friendly website

2013-02-06 Thread Peter N. M. Hansteen
Mikkel Bang facebookman...@gmail.com writes: Turns out this (http://home.nuug.no/~peter/pf/en/long-firewall.html) bans any IP connecting from mobile devices: Well, that document says a lot of other stuff too, so please be more specific. pass in on $ext_if inet proto tcp from any to any port