[BlueOnyx:08864] Re: Login manager not responsive on non valid usernames?
Michael Stauber
mstauber at blueonyx.it
Wed Oct 19 19:04:20 -05 2011
Hi Maurice,
> I have numerous failed logins from one host, with usernames that doesn't
> exists on the system. These attemps can be found in the secure logfile.
> However, these failed logins don't seem to be catched by the login
> manager.
If someone tries to brute force a nonexisting username, then it gains him
nothing. He can't login as that user anyway.
If he tries to brute force an existing username, then he gets caught and
PAM_ABL will block further attempts from the offending host. Even against
other usernames.
--
With best regards
Michael Stauber
More information about the Blueonyx
mailing list