Re: defense against password cracking programs
From: Stachu 'Dozzie' K. (cut-to-last-hypen-dozzie_at_dynamit.im.pwr.wroc.pl)
Date: Thu, 23 Sep 2004 13:44:57 +0000 (UTC)
On 2004-09-21, Solbu wrote:
> On Wednesday 22 September 2004, 00:13 Bill Unruh tried to express an opinion:
>> firstname.lastname@example.org (gayle) writes:
>> ]Basically, I'm wondering if there is a way to disable log-ins to a
>> ]particular account for some defined period of time (for example, 30
>> ]minutes) after this account is barraged with lots of failed log-in
>> ]attempts (say, 30 failures within 10 minutes).
>> The problem with this is that it allows a denial of service attack. The
>> attacker just barrages with failed attempts, and then suddenly the real
>> user cannot log in. 30 min later he does it again (or rather automates it).
> How about something that blocks the IP of the attacker for a period?
> (for all services.) Then the real user could still log in.
It's probably a better idea. You can try running a script that fetches
information from syslog and dynamically blocks the IP.
-- Stanislaw Klekot
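
A sketch of the syslog-watching script suggested above, added here as an example and not code from any poster in this thread. It uses the thresholds from the original question (30 failures within 10 minutes, 30-minute block) applied per source IP rather than per account; the OpenSSH-style "Failed password" line format, the function names, the allow list and the sample log lines are assumptions, and the iptables rule is returned rather than executed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd failure line in syslog (message format assumed for this example).
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password "
                    r"for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

def parse(line, year):
    """Return (timestamp, ip) for a failed-login line, else None.
    Classic syslog timestamps carry no year, so the caller supplies one."""
    m = FAILED.match(line)
    if not m:
        return None
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)

def find_offenders(lines, year, threshold=30, window=timedelta(minutes=10),
                   block_for=timedelta(minutes=30), allow=frozenset()):
    """Map each offending IP to the time its block should expire."""
    recent = defaultdict(deque)    # ip -> failure times inside the window
    blocked = {}
    for line in lines:
        hit = parse(line, year)
        if hit is None:
            continue
        ts, ip = hit
        if ip in allow or (ip in blocked and ts < blocked[ip]):
            continue               # trusted address, or block still active
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= threshold:
            blocked[ip] = ts + block_for
            q.clear()
    return blocked

def block_command(ip):
    """iptables rule dropping traffic from ip (returned here, not executed)."""
    return ["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"]

# Constructed sample: 30 failures in 5 minutes from one address, 3 from another.
SAMPLE = [f"Sep 23 13:{i // 6:02d}:{(i % 6) * 10:02d} host sshd[100]: Failed password "
          f"for root from 192.0.2.10 port 4000 ssh2" for i in range(30)]
SAMPLE += [f"Sep 23 13:0{i}:00 host sshd[101]: Failed password for invalid user "
           f"guest from 198.51.100.7 port 5000 ssh2" for i in range(3)]

if __name__ == "__main__":
    for ip, until in find_offenders(SAMPLE, 2004).items():
        print(" ".join(block_command(ip)), "# unblock after", until)
```

Putting administrative addresses in `allow` keeps a spoofed or shared source address from locking out the people who would need to undo the block.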