tasleson closed 4 years ago
@dsonck92 If you have the time I would appreciate you looking this over, thanks.
Looks good regarding the payload size. Regarding the password delay: nothing is preventing users from connecting in parallel and executing multiple passwords. Maybe a fail2ban style approach might be more effective, i.e. let a specific IP/user or combination thereof try a fixed number of times before ignoring it for a fixed timespan (probably both configurable). This would not stop a distributed attack but it would help mitigate an attempt from one location.
@dsonck92 I'll see what I can add to mitigate a parallel attack.
@dsonck92 Updated PR to prevent concurrent failed authentication attempts from same IP.
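The fail2ban style lockout suggested in the review, and the parallel-connection case it raises, can be sketched as follows. This is an added example, not code from the PR or from targetd; the class name, method names and default limits are hypothetical, and the key is assumed to be an IP, a user, or an (IP, user) tuple.

```python
import threading
import time


class FailedAuthLimiter:
    """Per-key lockout after repeated failed logins (hypothetical names)."""

    def __init__(self, max_failures=3, window=60.0, ban_time=300.0,
                 clock=time.monotonic):
        self.max_failures = max_failures  # failures tolerated inside window
        self.window = window              # seconds a failure is remembered
        self.ban_time = ban_time          # seconds a key is ignored once banned
        self._clock = clock               # injectable so tests can move time
        self._lock = threading.Lock()     # parallel connections share state
        self._failures = {}               # key -> list of failure timestamps
        self._banned_until = {}           # key -> time the ban expires

    def is_blocked(self, key):
        """Call before checking the password; True means reject outright."""
        now = self._clock()
        with self._lock:
            until = self._banned_until.get(key)
            if until is None:
                return False
            if now >= until:
                del self._banned_until[key]  # ban has expired
                return False
            return True

    def record_failure(self, key):
        """Call after a bad password; returns True if key is now banned."""
        now = self._clock()
        with self._lock:
            # Keep only failures that are still inside the sliding window.
            recent = [t for t in self._failures.get(key, [])
                      if now - t < self.window]
            recent.append(now)
            if len(recent) >= self.max_failures:
                self._failures.pop(key, None)
                self._banned_until[key] = now + self.ban_time
                return True
            self._failures[key] = recent
            return False
```

Because the counters sit behind one lock and are keyed by source, opening several connections in parallel does not give a client extra guesses; as the review notes, this does not stop a distributed attempt.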
@dsonck92 Thanks for the review
Address two potential issues:
Resolves: https://github.com/open-iscsi/targetd/issues/66