bruteblocker

package
v0.0.0-...-3a5708c Latest
Published: Jan 27, 2019 License: MIT Imports: 1 Imported by: 0

Documentation

Overview

Package bruteblocker slows down brute-force attacks by delaying request responses or blocking further authentication attempts for some time. This makes it harder for an attacker to guess passwords or user names, while retaining an acceptable amount of usability for normal users.

The idea is to keep track of the number of failed authentication attempts as well as the timestamp of the last authentication attempt. This is done per user, per IP address and globally.

Per failed authentication attempt, the delay is increased. After a while, the delay is reset to zero.
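
The bookkeeping described above, as an added sketch that is not this package's code: `tracker`, `entry` and `delay` are hypothetical names, and the package's goroutine and channels are left out. It assumes the largest of the three delays applies, capped at delayMax, and that a successful attempt leaves the counters unchanged.

```go
package main

import (
	"fmt"
	"time"
)

// entry is what the overview says is tracked: failure count and last failure time.
type entry struct {
	fails int
	last  time.Time
}

// tracker is a hypothetical single-goroutine sketch (no locking, no CleanUp).
type tracker struct {
	delayMax, dropAfter time.Duration
	steps               [3]time.Duration // user, address, global increments
	seen                map[string]entry // keys prefixed "u:", "a:", or "g"
}

// delay records one attempt at time now and returns how long to hold the response.
// Assumed rule: the largest of the three scopes' delays wins, capped at delayMax.
func (t *tracker) delay(user, addr string, ok bool, now time.Time) time.Duration {
	var d time.Duration
	for i, key := range [3]string{"u:" + user, "a:" + addr, "g"} {
		e := t.seen[key] // zero-value entry if this key is new
		if now.Sub(e.last) > t.dropAfter {
			e.fails = 0 // quiet for longer than dropAfter: delay resets to zero
		}
		if !ok {
			e.fails, e.last = e.fails+1, now
		}
		if s := time.Duration(e.fails) * t.steps[i]; s > d {
			d = s
		}
		t.seen[key] = e
	}
	if d > t.delayMax {
		d = t.delayMax
	}
	return d
}

func main() {
	sec := time.Second
	t := &tracker{10 * sec, time.Hour, [3]time.Duration{2 * sec, sec, sec / 10}, map[string]entry{}}
	for _, ok := range []bool{false, false, false, true} { // constructed attempts
		fmt.Println(t.delay("alice", "203.0.113.7", ok, time.Now()))
	}
}
```

The final, successful attempt still returns the accumulated delay, so the response time does not reveal the outcome early.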

Types

type BruteBlocker

type BruteBlocker struct {
	// contains filtered or unexported fields
}

BruteBlocker encapsulates data and behaviour for brute-force attack detection. It records how many failed attempts occurred per user and IP address, and when the last one occurred. To allow for multi-threaded access, it also creates a goroutine and stores channels for messaging.

func New

func New(
	delayMax time.Duration,
	userDelayStep time.Duration,
	addrDelayStep time.Duration,
	globalDelayStep time.Duration,
	dropAfter time.Duration,
) *BruteBlocker

New creates a new BruteBlocker instance. This starts a goroutine, which can be shut down at any time using the ShutDown() func.

delayMax denotes the maximum delay to impose, and the delayStep values denote the delay increment per failed authentication attempt. Separate delays are tracked per user, per source IP address and globally (i.e. for all users and IP addresses). dropAfter denotes how long after the last failed login attempt the delay should be dropped.

func (*BruteBlocker) CleanUp

func (b *BruteBlocker) CleanUp()

CleanUp removes old entries from memory. An entry is old if the last failed login attempt is older than the dropAfter parameter requires.

func (*BruteBlocker) Delay

func (b *BruteBlocker) Delay(userID string, sourceAddr string, successful bool) time.Duration

Delay informs this BruteBlocker about a login attempt and returns the amount of time the user should be blocked.

Note that, when delaying the response while allowing concurrent requests, you should also delay after a successful authentication. This way, the attacker has to wait for the full delay to learn whether the authentication attempt succeeded.

func (*BruteBlocker) ShutDown

func (b *BruteBlocker) ShutDown()

ShutDown stops the goroutine associated with this BruteBlocker instance. The instance is no longer functional and will panic on use.
