[EAS] [BC] EAS Zombie Attack Solution?
Jason Stroll
jstroll at whbc.com
Tue Feb 12 21:58:46 CST 2013
Do the hardware vendors have blacklists/whitelists enabled?
If a particular IP address is brute forcing a login that IP is added into a blacklist after X unsuccessful attempts. That list will slow down connections as every new connection has to be looked up against the list, but I would think it would stop the problem. It would not eliminate DDOS attacks however. Allowing an administrator to view the list of IPs on the blacklist would be nice as well. The boxes could send this info to a central server, which would instantly show trends on blacklisted IPs. Perhaps this master list could be used to update all other Endec units like how SORBS works for blacklisting email spam relays.
Jason Stroll
Assistant Engineer / IT
WHBC 94.1 1480
More information about the EAS
mailing list