Propose: make adjustments at login page to make difficult brute force attack.

Today, an intruder can make login tries without any action from Wok.

Possible measures:

Record source port and ip. After 3 tries, block user for 30 seconds and increase the time by each more try. Using source port and ip will avoid errors for connections from NAT networks.

Example:

1) ip 192.168.1.1 tries to login as root 3 times and fail
2) A timeout of 30 seconds will be set
3) After that, for 5 minutes, each try will add 30 seconds + x times the trial (60 seconds, 90 seconds. ..)

4) After 5 minutes of the last try, the counter will be reset.

-- 

Ramon Nunes Medeiros
Kimchi Developer
Linux Technology Center Brazil
IBM Systems & Technology Group
Phone : +55 19 2132 7878
ramonn@br.ibm.com