Login Break-in LGI parameters
- From: norm.raphael@xxxxxxxxx
- Date: Wed, 1 Nov 2006 10:37:20 -0500
Can someone please explain in simple English what happens here?
This is how I read the settings:
1) Users get LGI_BRK_LIM=5 login failures before being blocked
as an INTRUDER (The failure count is logged in the INTRUSION
entry even though lockout has yet to occur).
2) Once the break-in limit is reached the source is prevented
from login even with the correct Username and Password for
LGI_HID_TIM=30 minutes.
3) Monitoring of login failure continues for LGI_BRK_TMO=2
minutes after a failure. For each subsequent failure, another
LGI_BRK_TMO=2 minutes is added to the monitoring period. After
this period has passed the INTRUSION record is discarded.
A careful reading of this yields a contradiction. If the source
login fails 5 times (1) the source is blocked. Monitoring
of that source is for 2 minutes, then the source is given a clean
slate (3). The source is prevented even from correct login for
30 minutes (2). So which is it, 2 (or 4 or 6) minutes or 30
minutes or is it 2 (or 4 or 6) + 30 minutes?