10 Dec
2004
10 Dec
'04
7:32 p.m.
On Fri, Dec 10, 2004 at 11:29:42AM -0600, Ben Beuchler wrote:
- If you get a good auth, you're in
- If you get a bad auth, or the response takes more than n milliseconds/seconds, try the next password
Is there any reason to make tarpitting logic non-persistent? It seems a robust implementation would keep track of IPs that have failed logins. Removing the record, of course, at the first successful login.
This would, of course, be potentially vulnerable to a distributed attack...
-- Ben Beuchler There is no spoon. insyte@emt-p.org -- The Matrix