Hi Ramon,

On 12/22/2016 01:59 PM, Ramon Medeiros wrote:

> Proposal: make adjustments to the login page to make brute-force attacks more difficult.
>
> Today, an intruder can make login tries without any action from Wok.
>
> Possible measures:
>
> Record source port and IP. After 3 tries, block the user for 30 seconds and increase the time with each additional try. Using source port and IP will avoid errors for connections from NAT networks.
>
> 1) IP tries to log in as root 3 times and fails

You will consider IP and port, right? So when IP and port try to log in as root 3 times and fail...

> 2) A timeout of 30 seconds will be set

Does that mean the user will not be allowed to perform a login action for 30 seconds?

> 3) After that, for 5 minutes, each try will add 30 seconds + x times the trial (60 seconds, 90 seconds...)

Not sure I got what you want here. After the 30-second block, the user will be able to try to log in again.
How many attempts can he/she make to log in again before getting blocked?

Will he/she get blocked for 5 minutes in the second round of attempts?

> 4) After 5 minutes of the last try, the counter will be reset.
>
> Ramon Nunes Medeiros
> Kimchi Developer
> Linux Technology Center Brazil
> IBM Systems & Technology Group
> Phone : +55 19 2132 7878

Kimchi-devel mailing list
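
One possible reading of the four steps proposed in this thread, as an added example (not Wok code and not part of the original messages). The class and method names are hypothetical. Assumptions: the third failure triggers the 30-second block, each later failure adds 30 seconds (60, 90, ...), tries refused during a block are not counted, and a successful login clears the record.

```python
import time

FREE_TRIES = 3     # failures before the first block (from the thread)
BASE_BLOCK = 30    # seconds of the first block (from the thread)
RESET_AFTER = 300  # seconds after the last failure before the counter resets


class LoginThrottle:
    """Hypothetical helper. `key` identifies the client; the thread proposes
    (ip, port). A new TCP connection normally gets a new source port, so the
    choice of key decides what is actually throttled."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # key -> (failures, last_failure_time, blocked_until)

    def seconds_blocked(self, key):
        """Remaining block time for key; 0 means a login try is allowed."""
        entry = self._state.get(key)
        if entry is None:
            return 0
        now = self._clock()
        _, last, until = entry
        if now - last >= RESET_AFTER and now >= until:
            del self._state[key]  # step 4: counter reset
            return 0
        return max(0, until - now)

    def record_failure(self, key):
        """Count a failed login and return the block (seconds) now in force."""
        remaining = self.seconds_blocked(key)
        if remaining > 0:
            return remaining  # refused try, not counted (assumption)
        now = self._clock()
        failures = self._state.get(key, (0, now, now))[0] + 1
        # 3rd failure -> 30 s, 4th -> 60 s, 5th -> 90 s, ...
        block = BASE_BLOCK * max(0, failures - FREE_TRIES + 1)
        self._state[key] = (failures, now, now + block)
        return block

    def record_success(self, key):
        self._state.pop(key, None)

    def prune(self):
        """Drop expired entries so the table cannot grow without bound."""
        for key in list(self._state):
            self.seconds_blocked(key)
```

The login handler would call `seconds_blocked()` before checking credentials and `record_failure()` or `record_success()` afterwards, with `prune()` run periodically.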