On 12/22/2016 01:59 PM, Ramon Medeiros wrote:
> Proposal: make adjustments to the login page to make brute force difficult.
>
> Today, an intruder can make login tries without any action from Wok.
>
> Record source port and IP. After 3 tries, block the user for 30 seconds
> and increase the time with each additional try. Using source port and IP will
> avoid errors for connections from NAT networks.
>
> 1) IP 192.168.1.1 tries to log in as root 3 times and fails

You will consider IP and port, right? So when IP and port try to log in
as root 3 times and fail...

> 2) A timeout of 30 seconds will be set

Does that mean the user will not be allowed to perform a login action
for 30 seconds?

> 3) After that, for 5 minutes, each try will add 30 seconds + x times
> the trial (60 seconds, 90 seconds...)

Not sure I got what you want here. After the 30-second block, the user
will be able to try to log in again.
How many times can he/she try to log in again before getting blocked?
Will he/she get blocked for 5 minutes in the second round of attempts?

> 4) After 5 minutes of the last try, the counter will be reset.
>
> Ramon Nunes Medeiros
> Linux Technology Center Brazil
> IBM Systems & Technology Group
> Phone : +55 19 2132 7878

Kimchi-devel mailing list
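
The policy discussed in this thread, written out as an added example (it is not code from the thread or from Wok). It takes one reading of steps 1 to 4: the third failed try blocks for 30 seconds, each later failure blocks 30 seconds longer (60, 90, ...), and the counter resets 5 minutes after the last failed try. The class name, the opaque `key` (the thread proposes source IP and port), ignoring tries made during a block, and clearing the counter on success are assumptions.

```python
import time

THRESHOLD = 3      # failed tries before the first block (step 1)
BASE_BLOCK = 30    # seconds added per blocking failure (steps 2 and 3)
RESET_AFTER = 300  # seconds after the last failed try (step 4)


class LoginThrottle:
    """Tracks failed logins per key; the key format is the caller's choice."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # key -> (failures, last_failure_time, blocked_until)

    def _entry(self, key):
        failures, last, until = self._state.get(key, (0, 0.0, 0.0))
        now = self._clock()
        # Step 4: forget the key once 5 minutes have passed since the last
        # failed try, but never while a block is still running.
        if failures and now - last >= RESET_AFTER and now >= until:
            self._state.pop(key, None)
            return 0, 0.0, 0.0
        return failures, last, until

    def retry_after(self, key):
        """Seconds left on the block; 0 means a login try may be processed."""
        _, _, until = self._entry(key)
        return max(0.0, until - self._clock())

    def record_failure(self, key):
        """Count one failed try and return the block length it triggers."""
        failures, _, until = self._entry(key)
        now = self._clock()
        failures += 1
        if failures >= THRESHOLD:
            # 3rd failure -> 30 s, 4th -> 60 s, 5th -> 90 s, ...
            until = now + BASE_BLOCK * (failures - THRESHOLD + 1)
        self._state[key] = (failures, now, until)
        return max(0.0, until - now)

    def record_success(self, key):
        """Assumption: a successful login clears the counter for the key."""
        self._state.pop(key, None)
```

The login handler would call `retry_after(key)` before checking credentials and refuse the request while it returns a non-zero value, then call `record_failure` or `record_success` with the same key.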