[ale] Flaw in dd-wrt

Richard Bronosky Richard at Bronosky.com
Sat Jul 25 20:04:48 EDT 2009


I just really like the "there's nothing to see here" aspect of knockd.
I used to use that "drop packets from ips with too many failed logins"
thing. It was the shock of reading its log of attempted attacks that
led me to start working on a knockd-like solution. I soon found that
it already existed. I kept the tool in place that added iptables rules
on 3 failures, but after 1 year, the only person it ever filtered was
me. So, I declared knockd the victor and only use it now.

On 7/25/09, Pat Regan <thehead at patshead.com> wrote:
> Richard Bronosky wrote:
>> You shouldn't have anything open to the public without knockd.
>
> Why?
>
>> It's another level of protection against brute force attacks.
>
> There are less intrusive ways to accomplish the same thing.  The
> simplest solution for ssh is to just disable password authentication.
> You can't get much more secure than that.
>
> There are also scripts that will watch the log file and create iptables rules
> to drop packets from ips with too many failed logins.  You can also
> accomplish the same thing in a much less granular way with just iptables
> rules.
>
> That combined with a reasonable password would give you almost exactly
> as much extra security as port knocking but without the extra effort of
> actually having to knock.
>
> Pat
>
>

-- 
Sent from my mobile device

.!# RichardBronosky #!.
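The log-watching approach both posters describe, as an added example that is not code from the thread or from any particular tool: it parses constructed sshd log lines, counts failed logins per source address inside a sliding time window, and renders (without executing) the iptables DROP rules such a script would add. The threshold of 3 failures matches Richard's setup; the 5-minute window and the log lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed syslog-style sshd lines (not taken from the original thread).
SAMPLE_LOG = """\
Jul 25 19:58:01 gw sshd[2101]: Failed password for root from 203.0.113.9 port 51122 ssh2
Jul 25 19:58:03 gw sshd[2101]: Failed password for root from 203.0.113.9 port 51123 ssh2
Jul 25 19:58:05 gw sshd[2101]: Failed password for invalid user admin from 203.0.113.9 port 51124 ssh2
Jul 25 19:59:10 gw sshd[2130]: Failed password for rich from 192.0.2.44 port 40001 ssh2
Jul 25 19:59:40 gw sshd[2131]: Accepted publickey for rich from 192.0.2.44 port 40002 ssh2
Jul 25 20:02:00 gw sshd[2150]: Failed password for rich from 192.0.2.44 port 40003 ssh2
Jul 25 20:05:30 gw sshd[2160]: Failed password for rich from 192.0.2.44 port 40004 ssh2
"""

# Matches the OpenSSH "Failed password" line, with or without "invalid user".
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[0-9.]+) port"
)


def parse_failures(log_text, year=2009):
    """Yield (timestamp, ip) for each failed-password line; other lines are ignored."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            # syslog timestamps carry no year, so one is supplied (assumption).
            ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
            yield ts, m.group("ip")


def offenders(log_text, threshold=3, window_minutes=5):
    """Return the set of IPs with >= threshold failures inside any sliding window."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(list)   # ip -> timestamps still inside the window
    flagged = set()
    for ts, ip in parse_failures(log_text):
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= threshold:
            flagged.add(ip)
    return flagged


def drop_rules(ips):
    """Render the iptables rules such a script would add; returned, not executed."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in sorted(ips)]
```

With the 5-minute window the legitimate user who mistypes a password every few minutes stays under the threshold; widen it to 10 minutes and that user is blocked as well, which is the self-lockout Richard describes.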
