[Tfug] Stopping repeated login attempts
Eric Gearhart
eric at nixwizard.net
Tue Jan 26 12:26:35 MST 2010
On Tue, Jan 26, 2010 at 12:16 PM, Claude Rubinson
<rubinson at u.arizona.edu> wrote:
> On Tue, Jan 26, 2010 at 08:06:28AM -0700, Jeff Breadner wrote:
>> Only allow SSH via VPN? That seems backwards.
>
> The University just started doing this for its Unix accounts. It's
> rather annoying (particularly as they didn't announce it anywhere).
> Is this becoming common practice? What's the logic? Redundant
> security in case of a hole in one service? It certainly won't improve
> protection against password-based attacks, as we use the same login
> and password for both services.
If they're not using some kind of ( port knocking system / CAPTCHA /
IPS that detects too many failed logins and blocks the IP) on their
VPN login portal they might actually be making the problem *worse*...
--
Eric
More information about the tfug
mailing list