Yes, dare I say this could be another block/service to configure and load within the Avalon framework... something like a hack detection system. Another service (like SMTP AUTH or POP3) would register that IP address a.b.c.d tried to log into account xyz, and this service would then use its configuration to return whether that account or IP address has exceeded the number of allowed attempts in some time frame.
Some questions:
- would admins want to change the security restrictions on a per-service basis (probably, but more work then)?
- would we want to "share" hack information across services, so if someone tried to log in repeatedly via POP3, we would then forbid them from SMTP as well?

I'm not sure of the best underlying architecture for this... you've got 3 pieces of data: time, IP, and account. You need to be able to count records from either an IP or account perspective, and you need to gradually expunge the attempts after some timeout period passes. I could do this easily with a database, but I can't think of a good in-memory model for this. Thoughts?

-- 
Serge Knystautas
Loki Technologies - Unstoppable Websites
http://www.lokitech.com

Harmeet Bedi wrote:
> From: "Serge Knystautas" <[EMAIL PROTECTED]>
>
>> What about a counter to check how
>> frequently a password has been guessed (some time limit) or maybe some
>> throttling so a single IP address can't make too many guesses for
>> whatever accounts it tries to get to? If you at least set it to lock
>> the account for 5 minutes after a few rapid failed attempts, you'll
>> greatly slow down the ability of a dictionary attack.
>
> This seems like a really good idea.
>
> I think security related auditing is really important. A hook to specify
> reaction(s) to the break-in attempt would be very nice.
> MS and other systems usu. have hooks to temporarily disable an account if
> there are n (say 3) login failures.
>
> Harmeet
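One in-memory model for the three fields Serge describes (time, IP, account), sketched here as an added example rather than code from this thread or from James/Avalon: keep two hash tables, one keyed by IP and one by account, each mapping to an ordered deque of failure timestamps. Because the deque is ordered, expiry is just popping from the front, so the "count from either perspective" and "gradually expunge after a timeout" requirements fall out of the same structure, and the "lock for 5 minutes after a few rapid failures" policy is simply a window of 5 minutes with a small attempt limit. The class name, method names, the `computeIfAbsent` use (Java 8 or later), and the sample IPs and account names in `main` are all assumptions made for this illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

/**
 * Hypothetical sliding-window tracker of failed logins, shared by all
 * services (SMTP AUTH, POP3, ...). Not part of James; illustration only.
 */
public class FailedLoginTracker {
    private final long windowMillis;   // how long a failure counts against a key
    private final int maxAttempts;     // failures allowed per key inside the window

    // key -> timestamps of failures still inside the window, oldest first
    private final Map<String, Deque<Long>> byIp = new HashMap<>();
    private final Map<String, Deque<Long>> byAccount = new HashMap<>();

    public FailedLoginTracker(long windowMillis, int maxAttempts) {
        this.windowMillis = windowMillis;
        this.maxAttempts = maxAttempts;
    }

    /** A service calls this after a login fails; synchronized because services run on many threads. */
    public synchronized void recordFailure(String ip, String account, long now) {
        record(byIp, ip, now);
        record(byAccount, account, now);
    }

    /** True if either the client IP or the target account has used up its allowance. */
    public synchronized boolean isBlocked(String ip, String account, long now) {
        return count(byIp, ip, now) >= maxAttempts
            || count(byAccount, account, now) >= maxAttempts;
    }

    public synchronized int failuresForIp(String ip, long now) {
        return count(byIp, ip, now);
    }

    public synchronized int failuresForAccount(String account, long now) {
        return count(byAccount, account, now);
    }

    /** Periodic sweep (e.g. from a timer thread) so keys that went quiet do not pile up. */
    public synchronized void expunge(long now) {
        sweep(byIp, now);
        sweep(byAccount, now);
    }

    private void record(Map<String, Deque<Long>> table, String key, long now) {
        Deque<Long> hits = table.computeIfAbsent(key, k -> new ArrayDeque<>());
        prune(hits, now);
        hits.addLast(now);
    }

    private int count(Map<String, Deque<Long>> table, String key, long now) {
        Deque<Long> hits = table.get(key);
        if (hits == null) {
            return 0;
        }
        prune(hits, now);
        return hits.size();
    }

    // Timestamps are appended in order, so expired ones are always at the front.
    private void prune(Deque<Long> hits, long now) {
        while (!hits.isEmpty() && now - hits.peekFirst() >= windowMillis) {
            hits.pollFirst();
        }
    }

    private void sweep(Map<String, Deque<Long>> table, long now) {
        Iterator<Map.Entry<String, Deque<Long>>> it = table.entrySet().iterator();
        while (it.hasNext()) {
            Deque<Long> hits = it.next().getValue();
            prune(hits, now);
            if (hits.isEmpty()) {
                it.remove();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed demo: 5-minute window, 3 failures allowed per IP or per account.
        FailedLoginTracker t = new FailedLoginTracker(5 * 60 * 1000L, 3);
        long t0 = 1_000_000L;
        t.recordFailure("10.0.0.1", "alice", t0);           // via POP3
        t.recordFailure("10.0.0.1", "bob", t0 + 1000);      // via SMTP AUTH, same client
        t.recordFailure("10.0.0.1", "carol", t0 + 2000);
        System.out.println(t.isBlocked("10.0.0.1", "dave", t0 + 3000));   // true: IP over limit, any account
        System.out.println(t.isBlocked("10.0.0.2", "alice", t0 + 3000));  // false: alice has 1, new IP has 0
        System.out.println(t.isBlocked("10.0.0.1", "dave", t0 + 5 * 60 * 1000L + 2001)); // false: window passed
    }
}
```

Sharing across services is automatic here because the tracker is keyed on IP and account, not on service; per-service thresholds would mean either one tracker instance per service or folding the service name into the key. Memory is bounded by the window and the number of distinct IPs and accounts seen inside it, since both lookups prune on access and the sweep drops empty keys.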
