
Proposal: make adjustments to the login page to make brute-force attacks more difficult.

Today, an intruder can make login tries without any action from Wok.

Possible measures:

Record source port and IP. After 3 tries, block the user for 30 seconds and increase the time with each additional try. Using source port and IP will avoid errors for connections from NAT networks.

Example:

1) IP 192.168.1.1 tries to log in as root 3 times and fails
2) A timeout of 30 seconds will be set
3) After that, for 5 minutes, each try will add 30 seconds + x times the trial (60 seconds, 90 seconds, ...)
4) After 5 minutes of the last try, the counter will be reset.

--
Ramon Nunes Medeiros
Kimchi Developer
Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
ramonn@br.ibm.com
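
The lockout policy proposed above, written out as an added example that is not part of the original message or of Wok's code. The class name `LoginThrottle`, its method names and the injectable clock are assumptions; the key is whatever client identifier the caller passes (the message proposes source IP and port), and the 30/60/90 second progression is read as 30 seconds times the number of failures past the second.

```python
import time

FREE_TRIES = 3      # failures before the first lockout (from the proposal)
STEP = 30           # seconds added per further failure (from the proposal)
RESET_AFTER = 300   # idle seconds after which the counter resets


class LoginThrottle:
    """Per-client failed-login counter with a growing lockout (hypothetical)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # key -> (failures, last_try, locked_until)

    def _current(self, key):
        failures, last_try, locked_until = self._state.get(key, (0, 0.0, 0.0))
        now = self._clock()
        # Reset only when the client has been idle for RESET_AFTER *and* any
        # lockout has expired, so a long lockout is never cut short.
        if failures and now - last_try >= RESET_AFTER and now >= locked_until:
            self._state.pop(key, None)
            return 0, now, 0.0
        return failures, now, locked_until

    def retry_after(self, key):
        """Seconds the client must still wait; 0 means a try is allowed."""
        _, now, locked_until = self._current(key)
        return max(0.0, locked_until - now)

    def record_failure(self, key):
        """Register a failed login and return the lockout now in force."""
        failures, now, locked_until = self._current(key)
        failures += 1
        if failures >= FREE_TRIES:
            # Assumed reading of the proposal: 30 s, 60 s, 90 s, ...
            delay = STEP * (failures - FREE_TRIES + 1)
            locked_until = max(locked_until, now + delay)
        self._state[key] = (failures, now, locked_until)
        return max(0.0, locked_until - now)

    def record_success(self, key):
        """Forget the client after a successful login."""
        self._state.pop(key, None)
```

The login handler would call `retry_after()` before checking credentials and reject the request without verifying the password while it returns a non-zero value.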