On 05/03/2010 04:43, Tony Nelson wrote:
On 10-03-04 20:22:15, Frank Cusack wrote:
On 3/4/10 6:42 PM -0500 Tony Nelson wrote:
> Looking at the source, I see that there are no options.  It tarpits
> a bit, but currently has no limit on the number of attempts.  I'll
> see what I can do.

I think it's a brilliant idea.  After one login attempt, all others
on the same connection should fail.

A fan!  Anyway, there should at least be a choice.  Not that I've coded
a choice, just a dumb patch -- see attachment.  It's a bit of a
compromise, with a hard-coded limit of 4 attempts.  Maybe I'll lower it
to 2.


I would be all in favour of a setting like this because it's easier to configure than fail2ban...

...but ... At least my public-facing servers seem to be receiving trickle scans where there is definite evidence of a slow distributed brute-forcer which uses multiple IPs to try multiple usernames, and I probably only see each IP a few times a day... This is quite hard to defend against without some kind of distributed system (and I believe there are such things?)

Good luck

Ed W
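To make Ed's point concrete, here is an added example (not code from the thread or from the server being discussed) that aggregates failed logins across source IPs: each IP stays below a fail2ban-style per-IP threshold, yet the combined view exposes the slow distributed brute force. The log format and addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample log (hypothetical format, documentation IP ranges); 5 IPs,
# each making only 2 failed attempts, together probing 7 distinct usernames.
SAMPLE_LOG = """\
2010-03-05T01:02:11 auth-fail user=alice ip=203.0.113.5
2010-03-05T03:17:40 auth-fail user=bob ip=203.0.113.5
2010-03-05T04:51:03 auth-fail user=carol ip=203.0.113.17
2010-03-05T06:09:55 auth-fail user=dave ip=203.0.113.17
2010-03-05T08:30:12 auth-fail user=eve ip=198.51.100.8
2010-03-05T10:44:27 auth-fail user=alice ip=198.51.100.8
2010-03-05T13:05:48 auth-fail user=frank ip=198.51.100.23
2010-03-05T15:21:09 auth-fail user=bob ip=198.51.100.23
2010-03-05T18:37:31 auth-fail user=grace ip=192.0.2.44
2010-03-05T21:58:16 auth-fail user=carol ip=192.0.2.44
"""

LINE_RE = re.compile(r"auth-fail user=(\S+) ip=(\S+)")


def parse_failures(log_text):
    """Return a list of (user, ip) tuples, one per failed-login line."""
    matches = (LINE_RE.search(line) for line in log_text.splitlines())
    return [m.groups() for m in matches if m]


def distributed_bruteforce_signal(failures, per_ip_threshold=5,
                                  min_ips=4, min_users=4):
    """Flag a slow distributed brute force.

    A per-IP ban (fail2ban style) only fires once one address reaches
    per_ip_threshold failures. Here we instead ask: are there many addresses
    that each stay *under* that threshold while collectively probing many
    distinct usernames? That combination is the trickle-scan pattern.
    """
    by_ip = defaultdict(int)
    users = set()
    for user, ip in failures:
        by_ip[ip] += 1
        users.add(user)
    low_rate_ips = [ip for ip, n in by_ip.items() if n < per_ip_threshold]
    return {
        "ips": len(by_ip),
        "max_per_ip": max(by_ip.values(), default=0),  # never trips fail2ban
        "distinct_users": len(users),
        "suspicious": len(low_rate_ips) >= min_ips and len(users) >= min_users,
    }
```

Run over a day's worth of real auth-failure lines, the same aggregation shows whether the failures you see are one noisy host or many quiet ones.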
