4 Jun 2009, 7:13 p.m.
Question: Is there any way to close the connection after the first wrong user/pass combination, so an attacker would be forced to reopen it?
I think the growing delay is a better idea.
The idea is good but I guess an option to just disconnect the attacker wouldn't hurt in the config file? This would be much easier to detect/monitor on an upfront firewall/IDS. I agree that each service should care about its own security but some of us have certain sw/hw in front which also should be able to detect such an attempt. By just delaying the next try I guess it will be tough to detect this upfront.
Henry