Wish-list for different type of dynamic screening

    Looking through my logs, I see hacking attempts where the same IP
address will attempt to log in a thousand or more times in a short period of
time. I've seen cases of over 1000 attempts in under 3 minutes. Often
they'll try lots of times with "acctname" (we require acctname@domain.com),
but then after they've failed at those attempts, they'll start over with
acctname@domain.com. This will freeze the account, so it's not so much of a
security issue as a convenience issue. If we could dynamically screen an
IP that fails "N" login attempts, regardless of whether it's a valid
account, it could save the inconvenience of having to deal with a frozen
account.
    I realize that the background resources for this are different than for
freezing an account, because you'd have to keep track of a number of IP
addresses that had attempted to connect. But that list would only need
entries for failed attempts, so say, if you wanted to allow 5 attempts, you
could keep a list of the last 100 IPs that failed login, and you'd have
pretty good odds of catching them in that list.
    Anyway, just a thought.

-Shay

PS: One reason dealing with a frozen account has become such an issue is
that when an account gets frozen, the user's mobile devices will come up
with a message about a password error, and they'll try (often
unsuccessfully) to re-enter their password or change their password, so then
once I un-freeze the account, then their mobile device re-freezes it because
it now has the wrong password. So unless I catch the frozen account before
the user notices it, it's rare that just simply unfreezing the account will
get things back going again. So I'm looking for anything that will help
avoid this situation coming up.
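
The per-IP screening proposed in the post above, as an added example (not part of the original thread and not MDaemon's own code): failures are counted per source IP whether or not the account name is valid, in a table bounded to the most recently failing IPs. The class and function names, the 180-second window and the sample events are assumptions; the 5-attempt limit and the 100-entry table come from the post.

```python
from collections import OrderedDict, deque


class FailedAuthScreen:
    """Per-IP failed-login counter with a bounded table (hypothetical, not MDaemon code)."""

    def __init__(self, max_failures=5, window_s=180, capacity=100):
        self.max_failures = max_failures   # "N" failed attempts allowed per IP
        self.window_s = window_s           # assumed sliding window, in seconds
        self.capacity = capacity           # keep counters for the last N failing IPs
        self.failures = OrderedDict()      # ip -> deque of failure times, oldest IP first
        self.blocked = set()

    def record_failure(self, ip, ts):
        """Count one failed login from ip at time ts; return True if ip is blocked."""
        if ip in self.blocked:
            return True
        times = self.failures.setdefault(ip, deque())
        self.failures.move_to_end(ip)            # most recently failing IP goes last
        times.append(ts)
        while ts - times[0] > self.window_s:
            times.popleft()                      # forget failures outside the window
        if len(times) >= self.max_failures:
            self.blocked.add(ip)
            del self.failures[ip]                # a blocked IP needs no counter
            return True
        if len(self.failures) > self.capacity:
            self.failures.popitem(last=False)    # evict the IP that failed longest ago
        return False


def screen(events, **kw):
    """Replay (ts, ip, username, ok) login events; return the set of blocked IPs."""
    s = FailedAuthScreen(**kw)
    for ts, ip, _user, ok in events:   # username ignored: any failed login counts
        if not ok:
            s.record_failure(ip, ts)
    return s.blocked


# Constructed sample: one IP tries the bare name, then the full address, one second
# apart; a second IP (a phone with a stale password) fails twice, ten minutes apart.
SAMPLE = [(t, "203.0.113.7", "acctname", False) for t in range(3)]
SAMPLE += [(t, "203.0.113.7", "acctname@domain.com", False) for t in range(3, 8)]
SAMPLE += [(0, "198.51.100.20", "user@domain.com", False),
           (600, "198.51.100.20", "user@domain.com", False)]
SAMPLE.sort(key=lambda e: e[0])
```

Size `capacity` to the number of distinct failing IPs seen within one window; a smaller table evicts counters before they reach the limit.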




leigh.cain@altn.com (apparently) - Dec 1, 2014 11:11 am (#3 Total: 3)  

via email - Technical Support  


Great! I'm glad that's what you needed. Let us know if you have any further questions.
 
--
Leigh Cain
Quality Assurance Analyst
 
Sent using Alt-N's own MDaemon Messaging Server
Now available with BYOD Mobile Device Management,
Document Sharing, Hijacked Account Detection and more.
 
Get to know the Alt-N family by liking us on Facebook!
 
 
-----Original Message-----
From: Shay Walters <lists-discuss@altn.com>
To: "discuss List Member" <discuss@altn.com>
Date: Mon, 1 Dec 2014 10:15:43 -0500
Subject: [discuss] Wish-list for different type of dynamic screening

Well, how do you like that? It's already there! I just didn't have it enabled. No, that is exactly what I was looking for. Somehow I had missed those options when I went looking for them.
 
Thanks,
-Shay
 
Under Security | Security Settings | Screening | Dynamic Screen there is an option to "Block IPs that fail this many authentication attempts" and "Block IPs that connect more than X times in Y minutes" - are these options lacking in something that you need for them to work for you?
 
--
Leigh Cain
Quality Assurance Analyst
 
 
-----Original Message-----
From: Shay Walters <lists-discuss@altn.com>
To: "discuss List Member" <discuss@altn.com>
Date: Fri, 28 Nov 2014 15:07:53 -0500
Subject: [discuss] Wish-list for different type of dynamic screening
 
------------------------------------------------------
View/reply at <http://lists.altn.com/WebX?13@@.59860dc5>

--DISCUSS--------------------------------------------------------------
This mailing list is for questions and discussion regarding Alt-N
products.  To unsubscribe from this mailing list send an email to
discuss-unsubscribe@altn.com .
--DISCUSS--------------------------------------------------------------


-----------------------------------------------------------------------
These forums are provided by Alt-N Technologies for user-to-user
support and discussion.  Alt-N staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.altn.com/Support/RequestSupport/
-----------------------------------------------------------------------