X-Istence writes:
> Paul L. Allen wrote:
>
> >Tom Collins writes:
> >
> >
> >
> >>What if the system tracked it by IP, and after three failures locked
> >>out connections from that IP for 10 minutes?
[...]
> He meant log it on an account AND ip basis.
Perhaps he did, but "locked out CONNEC
Paul L. Allen wrote:
Tom Collins writes:
What if the system tracked it by IP, and after three failures locked
out connections from that IP for 10 minutes?
That has problems for companies behind a firewall which use external mail
servers (we have several clients in that
Tom Collins writes:
> What if the system tracked it by IP, and after three failures locked
> out connections from that IP for 10 minutes?
That has problems for companies behind a firewall which use external mail
servers (we have several clients in that situation). All it takes is one
person to
On Friday, September 26, 2003, at 03:39 AM, Paul L. Allen wrote:
You are still not considering the possibility that somebody mounts a
denial of service attack. An attacker need only make three attempts
every ten minutes to permanently lock somebody out. And the attacker
can
do that for every ma
Feucht, Florian writes:
> My idea is to store this information per user, so the others keep
> unaffected from locked mailboxes.
>
> Another Possibility is to lock the account only for an specific amount
> of time (lets say 10 minutes) after 3 password fails. So if somebody
> tries some hardcore