Is there any way to limit the number/rate of attempts that can be made to login as a PPTP user?
My concern is brute force attack, no matter how strong a password is it will fall to a brute force attack in the end.
Is there any way (in order of preference) to:
a) Block an IP address after a certain number of unsuccessful login attempts
b) Limit the rate of attempts from an IP address
c) Lock out a user after a specified number of unsuccessful attempts
d) Any other ideas
Appologies if the answer is somewhere obvious but I can’t find it…
Yeh…
It can be scripted.
Check with Butch Evans.
You could look for excessive failed attempts and then disable the account.
You would have to re-enable the account, or if you feel realy sick and deranged, you could schedual another script that would re-enable some or all of the currently disabled accounts…
If you just cant sleep, you could look into using the API system, and using another system, you could create a system to use a database to control the active / disabled users and you could controle the system based on conditions you want…