[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: auditing failed login attempts
> From: Michael Ströder [mailto:michael@stroeder.com]
>
> Paul B. Henson wrote:
> > our security group is pushing us to enable failed login lockout
>
> ..which will stupidly open a DoS attack vector...
Preaching to the choir on that one, my friend. I already promised our ISO
that the day we turn it on there are going to start to be random
authentication failures on his account originating from untraceable web
proxies around the world to the point where he'll never be able to actually
login ;). I just work here?