I wonder if there is a way that a firewall rule could be written, that would let a trickle of the connection from Joe through, so as his dictionary attack gets backed up with a huge number of connections which are trickling through at such a slow rate, with maybe just enough delay built in to make it keep trying.... Basically making Joe's compromised computer useless.. and maybe he'd at least turn it off if it didn't lock up all by itself....
i knew someone once that wrote a countermeasures script that basically kept a look out for script kiddie type attacks. It was pretty good and he showed me once where he pointed a win2k box at his firewall and launched an 'attack' at which point the firewall did its thing and the win2k workstation bluescreened - was pretty funny to watch but not entirely sure about the legality of counterattacks.
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
