Re: RFC: changes to default password strength checks in pam_unix

To: debian-devel@lists.debian.org
Subject: Re: RFC: changes to default password strength checks in pam_unix
From: Antti-Juhani Kaijanaho <antti-juhani@kaijanaho.fi>
Date: Tue, 4 Sep 2007 13:09:04 +0300
Message-id: <[🔎] 20070904100903.GA5118@kukkaseppele.kaijanaho.fi>
In-reply-to: <[🔎] Prayer.1.0.18.0709032340070.5389@daves.isp2dial.com>
References: <[🔎] 20070902194736.GA10366@dario.dodds.net> <[🔎] 1188873845.31104.2.camel@dorfl.lan> <[🔎] Prayer.1.0.18.0709032340070.5389@daves.isp2dial.com>

On Mon, Sep 03, 2007 at 11:40:07PM -0400, John Kelly wrote:
> I stop brute force attacks by sending auth log messages to a FIFO which I 
> read with a perl script. After 10 login failures, your IP is firewalled for 
> 24 hours.

I have a rate-limiting iptables ruleset for SSH (and HTTP).  In my
experience, brute force attackers give up after the rate-limiter starts
tarpitting them.

See http://antti-juhani.kaijanaho.fi/stuff/ratelimit.txt

- 
Antti-Juhani Kaijanaho, Jyväskylä
http://antti-juhani.kaijanaho.fi/newblog/
http://www.flickr.com/photos/antti-juhani/

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- RFC: changes to default password strength checks in pam_unix
  - From: Steve Langasek <vorlon@debian.org>
- Re: RFC: changes to default password strength checks in pam_unix
  - From: Lars Wirzenius <liw@iki.fi>
- Re: RFC: changes to default password strength checks in pam_unix
  - From: John Kelly <jak@isp2dial.com>

Prev by Date: Re: RFC: changes to default password strength checks in pam_unix
Next by Date: Re: RFC: changes to default password strength checks in pam_unix
Previous by thread: Re: RFC: changes to default password strength checks in pam_unix
Next by thread: Re: RFC: changes to default password strength checks in pam_unix
Index(es):
- Date
- Thread