How can I protect my server from dictionary password attacks?
Dictionary attacks are designed to find the password used to access an account normally consist of many attempts to log on to an account each using a different password. Many different combinations of password are attempted until the correct one is found.
Gordano’s software automatically protects from potential dictionary attacks designed to discover users passwords.
Each failed log on attempt to an account will set a "LogonDelay" variable for that account. Each subsequent failed log on attempt will increase that delay. The delay is reset once an account is correctly logged in to using the correct information.
For instance the first failed log on will set a delay of 1 second, the second a delay of 2 seconds, the third a delay of 4 seconds and so on.
This is normally more than enough to disuade any dictionary attacks as by the time they have tried say ten times the delay is already up to 512 seconds. They may have to try many thousands of combinations before they get the correct one.
Keywords:Dictionary, Password, Attack, Delay, log on, logon, log