Re: defense against password cracking programs

From: Stachu 'Dozzie' K. (cut-to-last-hypen-dozzie_at_dynamit.im.pwr.wroc.pl)
Date: 09/23/04


Date: Thu, 23 Sep 2004 13:44:57 +0000 (UTC)

On 2004-09-21, Solbu wrote:
>
> On onsdag 22. september 2004, 00:13 Bill Unruh tried to express an opinion:
>
>> gaylew@gmail.com (gayle) writes:
>
>> ]Basically, I'm wondering if there is a way to disable log-ins to a
>> ]particular account for some defined period of time (for example, 30
>> ]minutes) after this account is barraged with lots of failed log-in
>> ]attempts (say, 30 failures within 10 minutes).
>>
>> The problem with this is that it allows a denial of service attack. The
>> attacker just barrages with failed attempts, and then suddenly the real
>> user cannot log in. 30 min later he does it again (or rather automates it).
>
> How about something that blocks the IP of the attacker for a period?
> (for all services.) Then the real user could still log in.

It's probably a better idea. You can try running a script that fetches
information from syslog and dynamically blocks the IP.

-- 
Stanislaw Klekot
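
A sketch of the kind of syslog-watching script suggested above, as an added example that is not part of the original post. It assumes OpenSSH-style "Failed password" syslog lines and iptables as the blocking mechanism; the thresholds are the ones from the quoted question, and the function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from the question quoted in the thread.
MAX_FAILURES, WINDOW, BLOCK_FOR = 30, timedelta(minutes=10), timedelta(minutes=30)

# Assumed format: classic syslog lines written by OpenSSH's sshd.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) ")

def find_blocks(lines, year=2004, allowlist=frozenset()):
    """Return {ip: block_expiry} for IPs that reach the failure threshold."""
    recent = defaultdict(deque)      # ip -> failure timestamps inside WINDOW
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in allowlist or blocked.get(ip, ts) > ts:
            continue                 # trusted source, or block still active
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:    # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            blocked[ip] = ts + BLOCK_FOR
            q.clear()
    return blocked

def iptables_rules(blocked):
    """Render the block list as iptables commands (returned, not executed)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(blocked)]

def sample_log():
    """Constructed sample: one noisy source, one user with a few typos."""
    start = datetime(2004, 9, 23, 13, 0, 0)
    fmt = "{} host sshd[4242]: Failed password for {} from {} port 40000 ssh2"
    stamp = lambda d: (start + d).strftime("%b %d %H:%M:%S")
    lines = [fmt.format(stamp(timedelta(seconds=10 * i)), "root", "192.0.2.10")
             for i in range(30)]
    lines += [fmt.format(stamp(timedelta(minutes=i)), "alice", "198.51.100.7")
              for i in range(3)]
    lines.append("Sep 23 13:04:00 host sshd[4243]: Accepted password for alice "
                 "from 198.51.100.7 port 40001 ssh2")
    return lines

if __name__ == "__main__":
    print("\n".join(iptables_rules(find_blocks(sample_log()))))
```

The expiry time is returned with each address so that a scheduled job can remove the rule once the block period has passed; the allowlist keeps known-good addresses from being locked out.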