LFD should recognize a non-malicious repeat login failure...
Posted: 22 Feb 2018, 02:15
Hi,
I had an issue with the firewall blocking a client whose password was changed and her phone kept trying to log in, triggering the bad login attempts. Since the firewall on the server changed, it took me a while to figure out that is what was happening.
I think the firewall should not have blocked her IP over the cell phone issue. If making a brute force attack, one would not use the same password over and over, so if the requests are not coming in fast enough to constitute a DoS attack, it should be recognized as not a malicious login failure.
I realize this would require the logging of the password being used, but distinguishing this situation seems like a worthy thing to do.
Am I mistaken?