5 Mar
2021
5 Mar
'21
16:30
On 2021/03/02 23:05, Per Jessen wrote:
Today it is slow, thorough, distributed - maybe 50 machines slowly trying out passwords, once a minute, one machine after the other. Such slow, patient attacks usually don't trigger any traps or fail2ban.
Today or rather from about five or more years ago, most sensitive institutions give about 3 invalid password attempts against an account and then lock the account, requiring a call to support with your personally identifying info. Seems like that would stop such attacks as the trigger is any 3 bad attempts and then the account is locked, no?