[Tfug] Stopping repeated login attempts
Claude Rubinson
rubinson at u.arizona.edu
Tue Jan 26 12:37:36 MST 2010
On Tue, Jan 26, 2010 at 12:26:35PM -0700, Eric Gearhart wrote:
> On Tue, Jan 26, 2010 at 12:16 PM, Claude Rubinson
> <rubinson at u.arizona.edu> wrote:
> > On Tue, Jan 26, 2010 at 08:06:28AM -0700, Jeff Breadner wrote:
> >> Only allow SSH via VPN? That seems backwards.
> >
> > The University just started doing this for its Unix accounts. It's
> > rather annoying (particularly as they didn't announce it anywhere).
> > Is this becoming common practice? What's the logic? Redundant
> > security in case of a hole in one service? It certainly won't improve
> > protection against password-based attacks, as we use the same login
> > and password for both services.
>
> If they're not using some kind of ( port knocking system / CAPTCHA /
> IPS that detects too many failed logins and blocks the IP) on their
> VPN login portal they might actually be making the problem *worse*...
How so?
Claude
More information about the tfug
mailing list