Feucht, Florian writes:
Perhaps he did, but locked out CONNECTIONS from that IP for 10
minutes reads differently to me. If Tom had meant what you said, then
I would have expected something like locked out authentication attempts
from that username/IP pair for 10 minutes.
This idea
Perhaps he did, but locked out CONNECTIONS from that IP for 10
minutes
reads differently to me. If Tom had meant what you said, then I would
have expected something like locked out authentication attempts from
that username/IP pair for 10 minutes.
This idea is great, but doesn't work for
: Donnerstag, 25. September 2003 16:13
An: [EMAIL PROTECTED]
Betreff: Re: WG: [vchkpw] lock account after login failures
Feucht, Florian writes:
is this problem unsolvable, or did i say something wrong?
Doing it the way you suggest, counting failures, means remembering state
somewhere, somehow. If you
Feucht, Florian writes:
My idea is to store this information per user, so the others keep
unaffected from locked mailboxes.
Another Possibility is to lock the account only for an specific amount
of time (lets say 10 minutes) after 3 password fails. So if somebody
tries some hardcore brute
On Friday, September 26, 2003, at 03:39 AM, Paul L. Allen wrote:
You are still not considering the possibility that somebody mounts a
denial of service attack. An attacker need only make three attempts
every ten minutes to permanently lock somebody out. And the attacker
can
do that for every
Tom Collins writes:
What if the system tracked it by IP, and after three failures locked
out connections from that IP for 10 minutes?
That has problems for companies behind a firewall which use external mail
servers (we have several clients in that situation). All it takes is one
person to
X-Istence writes:
Paul L. Allen wrote:
Tom Collins writes:
What if the system tracked it by IP, and after three failures locked
out connections from that IP for 10 minutes?
[...]
He meant log it on an account AND ip basis.
Perhaps he did, but locked out CONNECTIONS from that
Hi...
is this problem unsolvable, or did i say something wrong?
---
Hi there...
I'm using vpopmail's vchkpw to authenticate imap, pop3 and smtp. (plain
- cdb, w/o ldap or mysql) All services should be accessible from
outside. Now i have got the following question: is it possible that
vchkpw
Feucht, Florian writes:
is this problem unsolvable, or did i say something wrong?
Doing it the way you suggest, counting failures, means remembering state
somewhere, somehow. If you have a lot of idiot users, this state could
become very large and slow. Also there are two possible denial of
Hi there...
I'm using vpopmail's vchkpw to authenticate imap, pop3
and smtp. (plain - cdb, w/o ldap or mysql) All services should be
accessiblefrom outside. Now i have got the following question: is it
possible that vchkpw locks an account after - let's say - 5 password failures to
10 matches
Mail list logo