Firewall Wizards mailing list archives
Handling Invalid Login Requests in Firewall
From: DLN Krishna <dlnk () intotoinc com>
Date: Fri, 16 Jan 2004 11:18:56 -0800
Hi,In one of ASIAN countries, firewall criteria indicates that, if user tries to log into the firewall appliance for more than X number of times, appliance MUST not
allow that user to log-in until the password of the user is changed. There is another school of thought that this type of behavior might becomeDoS for genuine users. It is possible that, the attacker might try to log-in multiple times with victim's user name and give wrong password. When this happens, victim will not be able to access, until his password is changed by Administrator. Administrator might take many hours to change the password and also this can
become a big head-ache for administrator.I feel that, logging a message (or sending alert to the administrator) when
log-in is not successful for X number of times with information such as source IP and source Port and user name, which is being used to log-in, would be good, over denying any further log-in attempts. I would appreciate, if somebody could shed some light on any better approaches to handle this. Thanks, Krishna CTO Office Intoto Inc. www.intotoinc.com *********************************************************************** * D L N Krishna, dlnk () intotoinc com * Intoto Inc. voice : (408)844-0480 Ext 332 * 3160, De La Cruz Blvd, #100, fax : (408)844-0488 * Santa Clara, CA - 95054 *********************************************************************** _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Handling Invalid Login Requests in Firewall DLN Krishna (Jan 21)
- Re: Handling Invalid Login Requests in Firewall Paul Robertson (Jan 21)
- <Possible follow-ups>
- Re: Handling Invalid Login Requests in Firewall Don Parker (Jan 21)
- Re: Handling Invalid Login Requests in Firewall Ravi (Jan 22)
- Re: Handling Invalid Login Requests in Firewall DLN Krishna (Jan 22)
- Re: Handling Invalid Login Requests in Firewall Ravi (Jan 22)