> With your security team hat on, what would you want to know and what would you do if you got a report that said IP address xxx had N authentication failures?
Going along with this scenario, I would say it can be considered an authentication failure like all others. If it's immediately actionable or deserves a report is another topic, but it would probably warrant some attention. A misconfiguration, potential malicious MITM or the network corrupting packets, all are relatively grave? On Fri, Oct 14, 2022 at 3:28 AM Hal Murray <halmur...@sonic.net> wrote: > > avaman...@gmail.com said: > > P.S. About logging, some (rate-limited) warnings against such failures > would > > actually be very interesting to security teams. > > With your security team hat on, what would you want to know and what would > you > do if you got a report that said IP address xxx had N authentication > failures? > > > > -- > These are my opinions. I hate spam. > > > > > -- > To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with > "unsubscribe" in the subject. > For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the > subject. > Trouble? Email listmas...@chrony.tuxfamily.org. > >