HP3000-L Archives

June 2000, Week 1

HP3000-L@RAVEN.UTC.EDU

Subject:
From: "Stigers, Greg [And]" <[log in to unmask]>
Reply To: Stigers, Greg [And]
Date: Fri, 2 Jun 2000 20:14:54 -0400
Here's a question that came up. About systems that lock an id out
indefinitely after n failed log in attempts. Isn't that regarded as making
said system vulnerable to a denial of service attack? Especially on a system
that distinguishes between a failed logon due to an incorrect password, and
a failed logon due to an invalid user name?

I should probably look at what the IETF working groups have to say about
this one. But if anyone already knows, I would be fascinated to hear what
they have to say.

Greg Stigers
http://www.cgiusa.com
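
The concern raised in the message above, as an added example that is not part of the original post: a toy authenticator showing that with an indefinite lock, three failures by anyone keep the owner out even with the correct password, and that distinct error messages confirm which user names exist. The class, the account name and password, and the expiring-lock variant are assumptions made for illustration; the post does not propose them.

```python
import hmac

class LoginGuard:
    """Toy authenticator with a failed-attempt lockout (constructed example)."""

    def __init__(self, users, max_failures=3, lock_seconds=None, distinguish=True):
        self.users = users                # name -> password (plaintext only for the demo)
        self.max_failures = max_failures  # the "n" in the question
        self.lock_seconds = lock_seconds  # None = indefinite lockout
        self.distinguish = distinguish    # True = separate errors for bad name / bad password
        self.failures = {}                # name -> consecutive failures
        self.locked_at = {}               # name -> time the lock was set

    def _locked(self, name, now):
        if name not in self.locked_at:
            return False
        if self.lock_seconds is None:
            return True                   # only an administrator can clear it
        if now - self.locked_at[name] >= self.lock_seconds:
            del self.locked_at[name]      # lock expired; start counting again
            self.failures[name] = 0
            return False
        return True

    def login(self, name, password, now):
        if name not in self.users:
            return "invalid user name" if self.distinguish else "login failed"
        if self._locked(name, now):
            return "account locked" if self.distinguish else "login failed"
        if hmac.compare_digest(self.users[name].encode(), password.encode()):
            self.failures[name] = 0
            return "ok"
        self.failures[name] = self.failures.get(name, 0) + 1
        if self.failures[name] >= self.max_failures:
            self.locked_at[name] = now
        return "incorrect password" if self.distinguish else "login failed"


def owner_outcome(lock_seconds, wait):
    """Someone else fails 3 times at t=0..2; the owner then logs in correctly `wait` s later."""
    guard = LoginGuard({"MANAGER": "s3cret"}, lock_seconds=lock_seconds)  # constructed account
    for t in range(3):
        guard.login("MANAGER", "wrong-guess", now=t)
    return guard.login("MANAGER", "s3cret", now=2 + wait)
```
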
