On Mon, 2009-05-04 at 09:37 -0400, Patrick Shoemaker wrote:

> Just to follow up on this thought, the main "unintended consequence" I
> had in mind was a customer running some sort of security verification
> suite against his/her own servers. If I were an IT employee using this
> sort of software from outside my network, and all of a sudden certain
> IPs or subnets can no longer access my company's network for some
> unknown reason, I would not be pleased. I would be expecting my ISP to
> get packets from point A to point B, not to babysit connections for me.
While I agree that this scenario is an accurate example of one that would create a false positive to the method I use, it is a stretch to call it "normal". I'd bet that if we took a poll here, we'd find that over 90% (maybe more) of the customer base represented is residential. Additionally, I suspect that at least 80% of the business accounts represented here would not create a false positive. This leaves only 2% in the "at risk" category. It's a very small risk, in my opinion.

Furthermore, I've installed this type of solution at the headend of at least 80 networks. Some of these have been running for at least 2 years. I have yet to hear a complaint from my customers (the ISPs). I think that if we assume the 2% number above is accurate (it may be very high), it is worth the risk to prevent the propagation of this attack mechanism.

That's what these things do, by the way. Once a successful login occurs, that machine becomes a bot that is performing the ssh attack itself. Not only does it do that, but it is a likely host to become a spambot as well.

It may be that your specific situation makes this approach the wrong choice. If it does, I can only say that your network is an exception and not the "rule" in this case.

--
********************************************************************
* Butch Evans                   * Professional Network Consultation *
* http://www.butchevans.com/    * Network Engineering               *
* http://www.wispa.org/         * WISPA Board Member                *
* http://blog.butchevans.com/   * Wired or Wireless Networks        *
********************************************************************

--------------------------------------------------------------------------------
WISPA Wants You! Join today!
http://signup.wispa.org/
--------------------------------------------------------------------------------

WISPA Wireless List: [email protected]

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/
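The trade-off debated in this thread, ssh brute-force blocking at the headend versus the false positive from a customer scanning their own servers, can be made concrete with a small detector. The following is an added example, not code from either poster or from any product they use; the sshd log lines are constructed, the year 2009 is assumed because syslog stamps carry none, and the `allowlist` parameter is the hypothetical knob that would exempt a customer's known scanner host before a block is ever issued.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth-log sample (syslog format has no year; 2009 is assumed below).
SAMPLE_LOG = """\
May  4 09:40:01 gw sshd[2011]: Failed password for root from 203.0.113.7 port 51234 ssh2
May  4 09:40:02 gw sshd[2012]: Failed password for admin from 203.0.113.7 port 51235 ssh2
May  4 09:40:03 gw sshd[2013]: Failed password for invalid user oracle from 203.0.113.7 port 51236 ssh2
May  4 09:40:04 gw sshd[2014]: Failed password for test from 203.0.113.7 port 51237 ssh2
May  4 09:40:05 gw sshd[2015]: Failed password for guest from 203.0.113.7 port 51238 ssh2
May  4 09:41:10 gw sshd[2020]: Failed password for root from 198.51.100.5 port 40000 ssh2
May  4 09:41:11 gw sshd[2021]: Failed password for root from 198.51.100.5 port 40001 ssh2
May  4 09:41:12 gw sshd[2022]: Failed password for root from 198.51.100.5 port 40002 ssh2
May  4 09:41:13 gw sshd[2023]: Failed password for root from 198.51.100.5 port 40003 ssh2
May  4 09:45:00 gw sshd[2030]: Failed password for bob from 192.0.2.9 port 50000 ssh2
May  4 09:45:30 gw sshd[2031]: Accepted password for bob from 192.0.2.9 port 50001 ssh2
"""

# Matches failed logins only (a typo by a legitimate user is one failure, not a block).
FAILED_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def parse_stamp(stamp, year=2009):
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def find_brute_forcers(log_text, threshold=4, window=timedelta(minutes=10),
                       allowlist=frozenset()):
    """Return {source_ip: total_failures} for sources that reach `threshold`
    failed logins inside any `window`; allowlisted hosts (e.g. a customer's
    own scanner) are never counted, which is the false-positive guard."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m and m.group(2) not in allowlist:
            failures[m.group(2)].append(parse_stamp(m.group(1)))
    offenders = {}
    for ip, stamps in failures.items():
        stamps.sort()
        start = 0  # sliding window over the sorted timestamps
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                offenders[ip] = len(stamps)
                break
    return offenders
```

Run against the sample, 203.0.113.7 (dictionary of usernames) and 198.51.100.5 (a customer's scanner hammering root) both trip the threshold, while passing the scanner's address in `allowlist` leaves only the real attacker; bob's single typo before a successful login never counts.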
