The idea is good, but I guess an option to just disconnect the attacker wouldn't hurt in the config file?
Is that not the wrong approach? I mean: all you wanted is to have a log entry showing when there was a username/password mismatch when logging in. And you found out that with normal logging options that log entry only shows up if the connection gets disconnected. Right? So would it not be better to have an option to log ANY username/password login mismatch, even if the user/attacker does not disconnect?
This would be much easier to detect/monitor on an upfront firewall/IDS.
A disconnect on TCP/IP level is easier to detect/monitor? How? Without logging or without inspecting the communication channel you are pretty much lost. Correct me if I am wrong.
I agree that each service should care about its own security but some of us have certain sw/hw in front which also should be able to detect such an attempt. By just delaying the next try I guess it will be tough to detect this upfront.
Henry
Steve
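To illustrate the point the thread is making (log every mismatch as it happens, so that a firewall/IDS or log monitor in front of the service can see a brute-force pattern without waiting for a disconnect), here is an added Python example. It is not code from the thread or from the daemon being discussed; the log line format, the `LoginSession` design and the three-failures-in-five-minutes threshold are assumptions chosen for the example, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines; the format "<ts> auth-fail|auth-ok user=<u> src=<ip>"
# is an assumption for this example, not the output of any particular daemon.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z auth-fail user=alice src=203.0.113.5
2024-01-01T10:00:03Z auth-fail user=alice src=203.0.113.5
2024-01-01T10:00:04Z auth-fail user=bob src=203.0.113.5
2024-01-01T10:00:09Z auth-ok user=alice src=203.0.113.5
2024-01-01T10:00:20Z auth-fail user=carol src=198.51.100.7
2024-01-01T10:09:00Z auth-fail user=carol src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) (auth-fail|auth-ok) user=(\S+) src=(\S+)$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


class LoginSession:
    """Toy server-side session (hypothetical design): a log line is emitted for
    every mismatch at the moment it happens, instead of being buffered until the
    client disconnects. The client keeping the connection open therefore does
    not hide anything from an external log monitor."""

    def __init__(self, src, credentials, sink):
        self.src = src
        self.credentials = credentials  # toy in-memory credential store
        self.sink = sink                # list standing in for the log file
        self.failures = 0

    def attempt(self, user, password, now):
        ok = self.credentials.get(user) == password
        event = "auth-ok" if ok else "auth-fail"
        self.sink.append(f"{now.strftime(TS_FMT)} {event} user={user} src={self.src}")
        if not ok:
            self.failures += 1
        return ok


def parse_line(line):
    """Return (timestamp, event, user, src) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), TS_FMT), m.group(2), m.group(3), m.group(4)


def find_bruteforce_sources(log_text, threshold=3, window=timedelta(minutes=5)):
    """Sliding-window detector: map each source address to the failure count at the
    moment it first reached `threshold` failures within `window`."""
    recent = defaultdict(list)  # src -> timestamps of recent failures
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, event, _user, src = rec
        if event != "auth-fail":
            continue
        bucket = recent[src]
        bucket.append(ts)
        # Drop failures that fell out of the window.
        while bucket and ts - bucket[0] > window:
            bucket.pop(0)
        if len(bucket) >= threshold and src not in flagged:
            flagged[src] = len(bucket)
    return flagged


if __name__ == "__main__":
    print(find_bruteforce_sources(SAMPLE_LOG))  # -> {'203.0.113.5': 3}
    log = []
    session = LoginSession("192.0.2.9", {"alice": "s3cret"}, log)
    t0 = datetime(2024, 1, 1, 12, 0, 0)
    for i in range(3):
        session.attempt("alice", "wrong", t0 + timedelta(seconds=i))
    print(find_bruteforce_sources("\n".join(log)))  # -> {'192.0.2.9': 3}
```

The second part of the usage shows the thread's argument end to end: the session never disconnects, yet the three mismatches are already in the log and the detector flags the source. A delay-only scheme would leave that monitor blind until the client chose to hang up.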