[BlueOnyx:04960] Re: Exponential backoff on dictionay attacks
Michael Stauber
mstauber at blueonyx.it
Mon Jul 5 20:06:31 -05 2010
Hi Ernie,
> Is it possible in the authentication layer that BX uses, to enable some
> form of exponential retry back-off for failed password attempts from the
> same IP address?
Yes, that's why we implemented "PAM_abl" sometime last year. It ties into the
authentication layer of any service that uses PAM for authentication. So that
covers Dovecot (POP3, IMAP), SMTP, FTP, Apache (to a certain degree), SSH and
even the horrible Telnet.
Repeated failed logins from the same IP address cause that no authentication
(against any service whatsoever) will work, even if the attacker finally comes
up with a valid username and password combination.
PAM_abl can be configured through "Security" / "Login Manager". The blocking
history can be seen under "Security" / "Failed Logins".
For more info see this link:
http://www.blueonyx.it/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=37&cntnt01origid=54&cntnt01returnid=54
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list