Penetration Testing mailing list archives
Re: FTP Authorization Failure time limits
From: Jason Barbier <kusuriya () gmail com>
Date: Fri, 28 Sep 2007 23:49:29 -0700
Well it depends on the software you have on what the defaults are for the login lockout time, I think for proftpd if you have it turned on its 15 minutes, and for IIS I think it is 5. but its also changeable in both thoose examples, Im not sure if thats what you are asking though On 28 Sep 2007 11:14:41 -0000 msiddhartha () netcom-sys com wrote:
Hi, When an FTP authorization fails thrice continuously, an error called 530: User not logged in (Your password is being rejected) triggers an alarm in some Enterprise SIM solutions. Can somebody please explain whether there is a time frame for the illegitimate login attempts after which the alarm fires? To elaborate the query, how much time space is allotted after every individual invalid login attempt for an attacker using Brute force by the FTP server? Thanks in advance Cheers! ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- FTP Authorization Failure time limits msiddhartha (Sep 28)
- Re: FTP Authorization Failure time limits Jason Barbier (Sep 29)