[CLUE-Tech] vsftpd question
Jed S. Baer
thag at frii.com
Tue Jun 15 10:22:57 MDT 2004
On Mon, 14 Jun 2004 08:31:39 -0600
Charles Oriez <coriez at oriez.org> wrote:
> Is there a way of limiting the maximum number of failed attempts from a
> given IPA? I know that some of my users are fat fingered, so I don't
> want anyone to be locked out on the first failure, but after say 10
> failed attempts from an IPA in a 24 hour period, I'd stop giving someone
> the benefit of the doubt.
It's been a while since I've read about intrusion detection systems, but
wouldn't something like snort be able to do this? I know some of them can
be configured to null-route IPAs based on various criteria. Don't know if
you can get them this fine grained, but you might look into it.
jed
--
http://s88369986.onlinehome.us/freedomsight/
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-tech
mailing list