> So sprach Valdas Andrulis am Tue, Jan 30, 2001 at 01:11:48PM +0200:
> > I have noticed, that previously when someone entered incorect username
> > or password during login, there was the delay before another login
> > prompt. And now (I think this happened in 7.x series) it gives login:
> > prompt instantly, wich is bad from security view.
>
> You're talking about the telnet login? Well, telnet is insecure
> anyway, so
> that's no wonder. And after 3 unsuccessful tries the connection
> is dropped.
> I don't seem to understand why it's so bad - how was it in the
> old days?
> was the delay increased after each try? And why is it more
> secure, if
> there's a delay?
>
An increased or random delay between login attempts discourages brute force
attacks using scripts that just send username/password over and over until
they get in. Or at least, that's what I learned in school. :-)
But you're right, if we're talking about telnet here, kill the service
anyway and install SSH.
Eaon
