2 hours ago · Tech · 0 comments

In Fly swatter, I wrote that the first implementation of ‘Schrödinger’s Honeypot’ carried an inherent potential for Denial of Service, since it blocked the IP address for a whole day on every single violation.

Denial-of-Service

Over the following evenings, I gave some thought to how this problem could be addressed: How do you solve the dilemma of keeping scanners off your back on one side, while keeping as few legitimate users away as possible on the other? And, taking it one step further: how do you prevent someone from making a sport out of abusing the detection component to block access for everyone else behind a NAT gateway? It’s relatively easy to figure out what the detection component is looking for — just try a few well-known scanner patterns. When the lights go out, you’ve found a pattern.

Why?

Before I go on, let me answer one question up front. Do I actually need all this? Probably not. I went down this path out of curiosity. My current suspicion is that, given the traffic…
