> > Question:
> > Is there any way to close the connection after the
> > first wrong user/pass combination. So an attacker would be forced
> > to reopen it?
> >
> > I think the growing delay is a better idea.

The idea is good, but I guess an option to just disconnect the attacker wouldn't hurt in the config file? This would be much easier to detect/monitor on an upfront firewall/IDS. I agree that each service should care about its own security, but some of us have certain sw/hw in front which also should be able to detect such an attempt. By just delaying the next try, I guess it will be tough to detect this upfront.

Henry