[BlueOnyx:08865] Re: Login manager not responsive on non valid usernames?
Barry Mishkind
barry at oldradio.com
Wed Oct 19 19:41:12 -05 2011
At 05:04 PM 10/19/2011, Michael Stauber wrote:
>Hi Maurice,
>
>If someone tries to brute force a nonexisting username, then it gains him
>nothing. He can't login as that user anyway.
>
>If he tries to brute force an existing username, then he gets caught and
>PAM_ABL will block further attempts from the offending host. Even against
>other usernames.
How many attempts will it allow? I had
one a couple of weeks ago that tried
a dictionary attack and it ran 1700 tries.
- -
Barry Mishkind - Tucson, AZ
More information about the Blueonyx
mailing list