Illegal access attempt - FreeBSD 5.4 Release - please advise

freebsd-questions at freebsd-questions at
Sun Aug 28 02:28:43 GMT 2005

> if this server was used by 100+ people i would of course not have such a 
> harsh security script set up. everyone who uses it has great experience 
> and understands the consequences. like i said before, this is usually 
> for personal use and has about 12 users total. if this was used to 
> manage ssh on something big i would lower the security measures.
> hope you can understand some now :)

Certainly. However, given that you are willing to accept (risk?) 5 attempts
at a legitimate account I don't believe there would be any greater risk
in allowing the same for invalid accounts also, given that the likelihood
of gaining access to those is actually less - and it would make your script
simpler, too, whilst preventing the (albeit, unlikely in your situation)
possibility of a DoS to a valid user. To be honest, reversing your logic
somewhat wrt valid/invalid accounts and 1/5 attempts could have merit also.

That said, I'd be interested in seeing how you implement this with swatch
as I'm looking at log parsing solutions in general.

best regards,
-- Joel Hatton --
Security Analyst                    | Hotline: +61 7 3365 4417
AusCERT - Australia's national CERT | Fax:     +61 7 3365 7031
The University of Queensland        | WWW:
Qld 4072 Australia                  | Email:   auscert at

More information about the freebsd-questions mailing list