From: Jason Barbier (kusuriya@gmail.com)
Date: Sat Sep 29 2007 - 02:49:29 EDT
Well it depends on the software you have on what the defaults are for
the login lockout time, I think for proftpd if you have it turned on
its 15 minutes, and for IIS I think it is 5. but its also changeable in
both thoose examples, Im not sure if thats what you are asking though
On 28 Sep 2007 11:14:41 -0000
msiddhartha@netcom-sys.com wrote:
> Hi,
>
> When an FTP authorization fails thrice continuously, an error called
> 530: User not logged in (Your password is being rejected) triggers an
> alarm in some Enterprise SIM solutions.
>
>
> Can somebody please explain whether there is a time frame for the
> illegitimate login attempts after which the alarm fires?
>
> To elaborate the query, how much time space is allotted after every
> individual invalid login attempt for an attacker using Brute force by
> the FTP server?
>
>
> Thanks in advance
>
>
> Cheers!
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:08 EDT