
Re: [Openvpn-users] blocking hack attempts


  • Subject: Re: [Openvpn-users] blocking hack attempts
  • From: Leonardo Rodrigues Magalhães <leolistas@xxxxxxxxxxxxxx>
  • Date: Wed, 02 Jan 2008 07:48:38 -0200



Leonardo Rodrigues Magalhães wrote:

If your VPN is for remote users, I'll suppose you're running OpenVPN in TLS mode, creating digital certificates for each user, etc etc. Maybe you have some authentication schema as well, but I'll suppose you DO have digital certificates for EACH user. In that case, you should notice that a bruteforce attack for establishing the VPN is MUCH harder than a simple attack on username/password like SSH ones. Even if you have some authentication schema for establishing the VPN, you should remember that authentication occurs AFTER the data channel has been secured. Nobody would be able to bruteforce username/password before establishing the TLS channel. And that would be simple. In fact, bruteforcing that is supposed to be VERY VERY difficult.


I forgot one word .... where I wrote ' ... nobody would be able to bruteforce username/password before establishing the TLS channel. And that would be simple. .... ' you should read '... before establishing the TLS channel. And that, establishing the TLS channel, would NOT be simple'.

--


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	My SPAMTRAP, do not email it
	gertrudes@xxxxxxxxxxxxxx



