Re: FTP Authorization Failure time limits

[Jason Barbier <kusuriya () gmail com>]

Well it depends on the software you have on what the defaults are for
the login lockout time, I think for proftpd if you have it turned on
its 15 minutes, and for IIS I think it is 5. but its also changeable in
both thoose examples, Im not sure if thats what you are asking though

On 28 Sep 2007 11:14:41 -0000
msiddhartha () netcom-sys com wrote:

> Hi,
>
> When an FTP authorization fails thrice continuously, an error called
> 530: User not logged in (Your password is being rejected) triggers an
> alarm in some Enterprise SIM solutions. 
>
>
> Can somebody please explain whether there is a time frame for the
> illegitimate login attempts after which the alarm fires? 
>
> To elaborate the query, how much time space is allotted after every
> individual invalid login attempt for an attacker using Brute force by
> the FTP server? 
>
>
> Thanks in advance
>
>
> Cheers!
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------