[fw-wiz] Handling Invalid Login Requests in Firewall
From: DLN Krishna (dlnk_at_intotoinc.com)
Date: 01/16/04
- Previous message: Melson, Paul: "RE: [fw-wiz] Cisco PIX IDS"
- Next in thread: Paul Robertson: "Re: [fw-wiz] Handling Invalid Login Requests in Firewall"
- Reply: Paul Robertson: "Re: [fw-wiz] Handling Invalid Login Requests in Firewall"
- Maybe reply: Don Parker: "Re: [fw-wiz] Handling Invalid Login Requests in Firewall"
To: firewall-wizards@honor.icsalabs.com
Date: Fri, 16 Jan 2004 11:18:56 -0800
Hi,
In one of the Asian countries, the firewall criteria indicate that, if a user tries to log into the firewall appliance for more than X number of times, the appliance MUST not allow that user to log in until the password of the user is changed.
There is another school of thought that this type of behavior might become a DoS for genuine users. It is possible that the attacker might try to log in multiple times with the victim's user name and give a wrong password. When this happens, the victim will not be able to access the appliance until his password is changed by the Administrator. The Administrator might take many hours to change the password, and this can also become a big headache for the administrator.
I feel that logging a message (or sending an alert to the administrator) when log-in is not successful for X number of times, with information such as the source IP, the source port and the user name being used to log in, would be good, rather than denying any further log-in attempts.
I would appreciate it if somebody could shed some light on any better approaches to handle this.
Thanks,
Krishna
CTO Office
Intoto Inc.
www.intotoinc.com
***********************************************************************
* D L N Krishna, dlnk@intotoinc.com
* Intoto Inc. voice : (408)844-0480 Ext 332
* 3160, De La Cruz Blvd, #100, fax : (408)844-0488
* Santa Clara, CA - 95054
***********************************************************************
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
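The alternative proposed in the message above (alert after X failed log-ins with source IP, source port and user name, instead of locking the account), as an added example that is not part of the original post. The log line format, the function name `scan_failed_logins` and the sample data are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log; this line format is an assumption, not any real appliance's.
SAMPLE_LOG = """\
2004-01-16T11:00:01 login FAIL user=alice src=198.51.100.23:40112
2004-01-16T11:00:03 login FAIL user=alice src=198.51.100.23:40113
2004-01-16T11:00:04 login FAIL user=bob src=192.0.2.10:51000
2004-01-16T11:00:05 login FAIL user=alice src=198.51.100.23:40115
2004-01-16T11:00:09 login OK user=bob src=192.0.2.10:51002
2004-01-16T11:00:20 login OK user=alice src=192.0.2.44:33000
2004-01-16T11:00:30 login FAIL user=bob src=192.0.2.10:51003
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) src=(?P<ip>[\d.]+):(?P<port>\d+)$"
)

def scan_failed_logins(lines, threshold=3):
    """Return one alert per `threshold` consecutive failures for a user name.

    Nothing is locked: a later successful log-in is still accepted and
    simply resets that user's failure streak.
    """
    streak = defaultdict(list)   # user -> [(ip, port), ...] since last success
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue                      # ignore lines in other formats
        user = m["user"]
        if m["result"] == "OK":
            streak.pop(user, None)        # success clears the streak
            continue
        streak[user].append((m["ip"], int(m["port"])))
        if len(streak[user]) % threshold == 0:
            alerts.append({
                "user": user,
                "failures": len(streak[user]),
                "last_seen": m["ts"],
                # sources behind the most recent `threshold` failures
                "sources": streak[user][-threshold:],
            })
    return alerts

if __name__ == "__main__":
    for alert in scan_failed_logins(SAMPLE_LOG.splitlines()):
        print("ALERT", alert)
```

In the sample, the three failures against `alice` raise one alert naming the source address and ports, and her later successful log-in from another address is not blocked.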