Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: FTP Authorization Failure time limits

from [Jason Barbier] Network Security [Permanent Link]
Subject: Re: FTP Authorization Failure time limits
Date: Fri, 28 Sep 2007 23:49:29 -0700 
Well it depends on the software you have on what the defaults are for
the login lockout time, I think for proftpd if you have it turned on
its 15 minutes, and for IIS I think it is 5. but its also changeable in
both thoose examples, Im not sure if thats what you are asking though

On 28 Sep 2007 11:14:41 -0000
msiddhartha@netcom-sys.com wrote:


Hi,

When an FTP authorization fails thrice continuously, an error called
530: User not logged in (Your password is being rejected) triggers an
alarm in some Enterprise SIM solutions. 


Can somebody please explain whether there is a time frame for the
illegitimate login attempts after which the alarm fires? 

To elaborate the query, how much time space is allotted after every
individual invalid login attempt for an attacker using Brute force by
the FTP server? 


Thanks in advance


Cheers!

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  FTP Authorization Failure time limits, msiddhartha
Next by Date:  Re: Re: Are Fragmentation Attacks Still Used for IDS/IPS Evasion?, vijay . upadhyaya
Previous by Thread:  FTP Authorization Failure time limits, msiddhartha
Next by Thread:  State of Penetration Testing Research (Input requested), Joseph McCray
Indexes:  [Date] [Thread] [Top] [All Lists]