<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Ramon,<br>
<br>
<div class="moz-cite-prefix">On 12/22/2016 01:59 PM, Ramon Medeiros
wrote:<br>
</div>
<blockquote
cite="mid:4744cb7f-3143-5334-1d9c-8514e1373504@linux.vnet.ibm.com"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<p>Propose: make adjustments at login page to make difficult brute
force attack.<br>
<br>
Today, an intruder can make login tries without any action from
Wok.<br>
<br>
Possible measures:</p>
<p>Record source port and ip. After 3 tries, block user for 30
seconds and increase the time by each more try. Using source
port and ip will avoid errors for connections from NAT networks.<br>
<br>
Example:<br>
<br>
1) ip 192.168.1.1 tries to login as root 3 times and fail<br>
</p>
</blockquote>
<br>
You will consider ip and port, right? So when ip and port tries to
login as root 3 times and fail...<br>
<br>
<blockquote
cite="mid:4744cb7f-3143-5334-1d9c-8514e1373504@linux.vnet.ibm.com"
type="cite">
<p> 2) A timeout of 30 seconds will be set<br>
</p>
</blockquote>
<br>
Does that mean the user will not be allowed to perform a login
action for 30 seconds?<br>
<br>
<blockquote
cite="mid:4744cb7f-3143-5334-1d9c-8514e1373504@linux.vnet.ibm.com"
type="cite">
<p> 3) After that, for 5 minutes, each try will add 30 seconds + x
times the trial (60 seconds, 90 seconds. ..)</p>
</blockquote>
<br>
Not sure I got what you want here. After the 30 seconds block, the
user will be able to try to login again.<br>
How many attempts he/she can try to login again before get blocked?<br>
<br>
Will he/she get blocked for 5 minutes in the second round of
attempts?<br>
<br>
<br>
<br>
<blockquote
cite="mid:4744cb7f-3143-5334-1d9c-8514e1373504@linux.vnet.ibm.com"
type="cite">
<p>4) After 5 minutes of the last try, the counter will be reset.<br>
</p>
<pre class="moz-signature" cols="72">--
Ramon Nunes Medeiros
Kimchi Developer
Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:ramonn@br.ibm.com">ramonn@br.ibm.com</a> </pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Kimchi-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Kimchi-devel@ovirt.org">Kimchi-devel@ovirt.org</a>
<a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/kimchi-devel">http://lists.ovirt.org/mailman/listinfo/kimchi-devel</a>
</pre>
</blockquote>
<br>
</body>
</html>