From owner-freebsd-security Thu May 27 19:40:35 1999 Delivered-To: freebsd-security@freebsd.org Received: from zip.com.au (zipper.zip.com.au [203.12.97.1]) by hub.freebsd.org (Postfix) with ESMTP id 7BE9D15146 for ; Thu, 27 May 1999 19:40:31 -0700 (PDT) (envelope-from ncb@zip.com.au) Received: from localhost (ncb@localhost) by zip.com.au (8.9.1/8.9.1) with ESMTP id MAA06545; Fri, 28 May 1999 12:40:35 +1000 Date: Fri, 28 May 1999 12:40:35 +1000 (EST) From: Nicholas Brawn To: "Brian W. Buchanan" Cc: freebsd-security@FreeBSD.ORG Subject: Re: Locking out accounts after repeated failures In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Yes. I'm interested in doing it on a bastion host and servers connected to public networks (ie, Internet). Of course the root account would not be locked out, but then you couldn't log in as root except at console. Nick On Thu, 27 May 1999, Brian W. Buchanan wrote: > On Fri, 28 May 1999, Nicholas Brawn wrote: > > > I'm interested to know if freebsd has the capability to lock out users > > after 5 consecutive bad login attempts, with the "counter" being cleared > > after each successful login. If it is capable, could someone please point > > me to the right documentation/files. > > Are you sure you want to do this? This leads to a very obvious denial of > service attack. > > -- > Brian Buchanan brian@CSUA.Berkeley.EDU > -------------------------------------------------------------------------- > FreeBSD - The Power to Serve! http://www.freebsd.org > > daemon(n): 1. an attendant power or spirit : GENIUS > 2. the cute little mascot of the FreeBSD operating system > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message