Is there a  way to configure the server so that malicious users cannot
try multiple log-in attempts without reconnecting?  Ideally I would
like to be able to configure the connection to be dropped after 3
invalid attempts at the password.

I've just been watching someone hit a server trying to log in as
'admin' with thousands  of different passwords.  Obviously we would
not have obvious user ids but the effect of this is to flood the
server to the extent that regular users are failing to connect.  There
is also a remote possibility that given enough time the cracker could
get lucky and get a real user id / password.

How do you recommend we protect the server against this form of attack?


John Garrould

Reply via email to