This blog was originally started to better help me understand the technologies in the CCIE R&S blueprint; after completing the R&S track I have decided to transition the blog into a technology blog.

CCIE #29033

This blog will continue to include questions, troubleshooting scenarios, and references to existing and new technologies but will grow to include a variety of different platforms and technologies. Currently I have created over 185 questions/answers regarding the CCIE R&S track!! Note: answers are in the comment field or within the "Read More" section.



Saturday, May 15, 2010

Question 91

What would you use "login block-for" for?

login block-for - used to mitigate dictionary attacks and DoS (denial of service) attacks (when used with "login quiet-mode")

Once you enable "login block-for", the following defaults are set:

- A login delay of 1 second is enforced.

- All login attempts from Telnet/SSH are denied during the quiet period.

Example: this blocks any further login attempts for 30 seconds once 3 unsuccessful attempts are made within 10 seconds.

Router(config)# login block-for 30 attempts 3 within 10

Note: When using "login block-for", you can restrict any new connection for the set period of time using "login quiet-mode".
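
A fuller configuration built around the example above, added here and not part of the original post: it pairs "login block-for" with a quiet-mode ACL so that a management subnet can still log in during the quiet period, and turns on login logging. The ACL name MGMT-EXEMPT and the 192.0.2.0/24 subnet are assumptions chosen for illustration.

```cisco
! Added example, not from the original post.
! MGMT-EXEMPT and 192.0.2.0/24 are assumed values (documentation range).
configure terminal
 ! Hosts matched by this ACL may still log in during the quiet period
 ip access-list standard MGMT-EXEMPT
  permit 192.0.2.0 0.0.0.255
 exit
 ! 3 failed logins within 10 seconds trigger a 30-second quiet period.
 ! This command must be entered before the other "login" commands below.
 login block-for 30 attempts 3 within 10
 ! Apply the exemption ACL while the router is in quiet mode
 login quiet-mode access-class MGMT-EXEMPT
 ! Raise the delay between login attempts from the 1-second default
 login delay 2
 ! Generate syslog messages for failed and successful logins
 login on-failure log
 login on-success log
end
! Verify the configured parameters and the current mode (normal or quiet)
show login
! List the recent failed login attempts the router has recorded
show login failures
```

Without the "login quiet-mode access-class" line, the default described above applies and every Telnet/SSH login is refused for the whole quiet period, including logins from administrators.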
