
LFD should recognize a non-malicious repeat login failure...

Posted: 22 Feb 2018, 02:15
by biadmin
Hi,
I had an issue with the firewall blocking a client whose password was changed and her phone kept trying to log in, triggering the bad login attempts. Since the firewall on the server changed, it took me a while to figure out that is what was happening.

I think the firewall should not have blocked her IP over the cell phone issue. If making a brute force attack, one would not use the same password over and over, so if the requests are not coming in fast enough to constitute a DOS attack, it should be recognized as not a malicious login failure.

I realize this would require the logging of the password being used, but distinguishing this situation seems like a worthy thing to do.

Am I mistaken?
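The heuristic proposed in this post, as an added example that is not part of the thread and is not LFD's code: it compares keyed digests of the attempted credentials in memory instead of logging passwords. The `FailureTracker` class, its thresholds, the sample addresses and the premise that the login service can pass the attempted password to the tracker are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Ephemeral key: digests live only in memory and are useless after a restart.
_KEY = os.urandom(32)


def fingerprint(user, password):
    """Keyed digest of the attempted credential; the plaintext is not kept."""
    return hmac.new(_KEY, f"{user}\0{password}".encode(), hashlib.sha256).digest()


class FailureTracker:
    """Hypothetical per-IP tracker; thresholds are illustrative, not LFD settings."""

    def __init__(self, window=300, max_distinct=3, notify_after=5, flood_after=60):
        self.window = window              # seconds of history kept per IP
        self.max_distinct = max_distinct  # distinct credentials tolerated (typos)
        self.notify_after = notify_after  # repeats before flagging a stale client
        self.flood_after = flood_after    # failures per window treated as a flood
        self._events = defaultdict(list)  # ip -> [(timestamp, digest)]

    def record(self, ip, user, password, ts):
        """Record one failed login and return 'ok', 'stale-client' or 'block'."""
        events = self._events[ip]
        events.append((ts, fingerprint(user, password)))
        events[:] = [(t, d) for t, d in events if ts - t <= self.window]
        if len(events) >= self.flood_after:
            return "block"          # too fast, whatever the password is
        if len({d for _, d in events}) > self.max_distinct:
            return "block"          # many different guesses: brute force
        if len(events) >= self.notify_after:
            return "stale-client"   # same credential retried: alert, do not block
        return "ok"


if __name__ == "__main__":
    tracker = FailureTracker()
    # Constructed sample: a phone retrying one outdated password every 30 s.
    for i in range(10):
        phone = tracker.record("203.0.113.7", "alice", "old-password", i * 30)
    # Constructed sample: a source trying a different password each second.
    for i in range(5):
        guesser = tracker.record("198.51.100.9", "alice", f"guess-{i}", i)
    print(phone, guesser)
```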

Re: LFD should recognize a non-malicious repeat login failure...

Posted: 26 Mar 2018, 22:06
by HOSTEDPOWER
If this could be detected properly somehow that would be a huge improvement, however I doubt it can be done (easily) technically.
