Firewall Wizards mailing list archives

Handling Invalid Login Requests in Firewall


From: DLN Krishna <dlnk () intotoinc com>
Date: Fri, 16 Jan 2004 11:18:56 -0800

Hi,

In one of the Asian countries, the firewall criteria indicate that, if a user tries to log into the firewall appliance more than X number of times, the appliance MUST not allow that user to log in until the password of the user is changed.

There is another school of thought that this type of behavior might become a DoS for genuine users. It is possible that the attacker might try to log in multiple times with the victim's user name and give a wrong password. When this happens, the victim will not be able to get access until his password is changed by the Administrator. The Administrator might take many hours to change the password, and this can also become a big headache for the administrator.

I feel that logging a message (or sending an alert to the administrator) when log-in is not successful X number of times, with information such as the source IP, the source port and the user name being used to log in, would be good, over denying any further log-in attempts.

I would appreciate it if somebody could shed some light on any better approaches to handle this.

Thanks,
Krishna
CTO Office
Intoto Inc.
www.intotoinc.com

***********************************************************************
* D L N Krishna,     dlnk () intotoinc com
* Intoto Inc.                             voice : (408)844-0480 Ext 332
* 3160, De La Cruz Blvd, #100,            fax   : (408)844-0488
* Santa Clara, CA - 95054
***********************************************************************


_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
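
The trade-off raised in the message above, as an added example that is not part of the original post: the same constructed sequence of failed log-ins is run against a lockout rule and against the alert-only handling the post proposes. `LoginGate`, `simulate`, the threshold of 3, the account name and the addresses are all assumptions made for the illustration.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class LoginGate:
    passwords: dict                 # username -> password (plaintext only to keep the sketch short)
    lock_on_threshold: bool         # True: lockout rule; False: alert-only handling from the post
    max_failures: int = 3           # "X" from the post; 3 is a constructed value
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def attempt(self, user, password, src_ip, src_port):
        if user in self.locked:
            return False            # refused until the administrator changes the password
        expected = self.passwords.get(user, "")
        if expected and hmac.compare_digest(expected.encode(), password.encode()):
            self.failures[user] = 0  # a successful log-in clears the counter
            return True
        n = self.failures[user] = self.failures.get(user, 0) + 1
        if n >= self.max_failures:
            # Record what the post asks for: user name, source IP and source port.
            self.alerts.append({"user": user, "src_ip": src_ip,
                                "src_port": src_port, "failures": n})
            if self.lock_on_threshold:
                self.locked.add(user)
        return False

    def admin_change_password(self, user, new_password):
        # The only way out of the locked state under the lockout rule.
        self.passwords[user] = new_password
        self.locked.discard(user)
        self.failures[user] = 0

def simulate(lock_on_threshold):
    gate = LoginGate({"alice": "correct-horse"}, lock_on_threshold)
    for port in (40001, 40002, 40003):   # constructed: wrong passwords sent under alice's name
        gate.attempt("alice", "wrong", "203.0.113.7", port)
    # The genuine user now presents the correct password from her own address.
    victim_ok = gate.attempt("alice", "correct-horse", "192.0.2.10", 51000)
    return victim_ok, gate.alerts

if __name__ == "__main__":
    for mode in (True, False):
        ok, alerts = simulate(mode)
        print("lockout" if mode else "alert-only", "| victim log-in:", ok, "| alerts:", alerts)
```

Under the lockout rule the genuine user is refused even with the correct password, while the alert-only run lets her in and still leaves the administrator a record of the source address and port behind the failures.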

