From: Lowell Gilbert
To: Redmond Militante
Cc: freebsd-questions@freebsd.org
Date: 29 Jul 2004 08:56:58 -0400
Subject: Re: limit login attempts with pam
Message-ID: <448yd3ug2t.fsf@be-well.ilk.org>
In-Reply-To: <20040727151610.GA2790@darkpossum>

Redmond Militante writes:

> hello
>
> i'm interested in configuring PAM on my 4x system so that a user is locked out or ignored if trying to log in unsuccessfully via ftp within the space of a minute or so. i'm trying to eliminate brute force attacks...
>
> can anyone point me towards some good tutorials on how to do this?

Good tutorials? I don't know, but there is source for the pam_tally module included in the tree on my -STABLE machine.

Think it over carefully before enabling this kind of capability, though; you may be making brute force attacks somewhat harder, but a denial-of-service attack on specific users will become trivial.

--
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org:8088/~lowell/
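
The trade-off described in the reply above, shown with a small model of a per-user failure tally. This is an added example, not part of the original message and not pam_tally's code; the class, the function, the thresholds and the sample events are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class LoginTally:
    """Model of a per-user lockout: lock after max_failures within window seconds."""

    def __init__(self, max_failures=3, window=60, lock_time=300):
        self.max_failures = max_failures
        self.window = window          # seconds in which failures are counted
        self.lock_time = lock_time    # seconds the account stays locked
        self.failures = defaultdict(deque)
        self.locked_until = {}

    def attempt(self, user, password_ok, now):
        """Return 'ok', 'denied' or 'locked' for one login attempt at time now."""
        # The lock is checked before the password, so a correct password
        # is refused too: this is the denial-of-service side of the policy.
        if self.locked_until.get(user, 0) > now:
            return "locked"
        if password_ok:
            self.failures[user].clear()
            return "ok"
        recent = self.failures[user]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()          # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lock_time
            recent.clear()
        return "denied"


def replay(events, **policy):
    """Run (time, user, password_ok) events through one tally, return the outcomes."""
    tally = LoginTally(**policy)
    return [tally.attempt(user, ok, t) for t, user, ok in events]


# Constructed sample events: (seconds, user, password_correct)
EVENTS = [
    (0, "alice", False), (5, "alice", False), (10, "alice", False),  # guessing
    (15, "alice", False),   # further guesses are cut off by the lock
    (20, "alice", True),    # the real alice, correct password, still refused
    (400, "alice", True),   # accepted only after the lock has expired
    (30, "bob", False), (100, "bob", False), (170, "bob", False),  # slow typos
    (180, "bob", True),     # never three failures inside one window
]

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, replay(EVENTS)):
        print(event, "->", outcome)
```

The fourth guess and the legitimate login at 20 seconds get the same answer, which is why lock duration and who can trigger the counter matter as much as the threshold.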