On Wed, Jun 06, 2012 at 01:33:35AM +0100, Matthew Newton wrote:
Has anyone actually *measured* what proportion of their failed logins are due to usernames containing two dots, or realms which start or end with a dot, or the other things the OP's regexp tests rejected?
Random sample - the whole month of May. awk/grep stats at 1am, and I'm ill and tired - so you choose whether to trust it or not:
Less than 10 logins that had '..', or '@.' or ended in '.'.
However, 19 unique usernames that included a ' ', which consisted of over 15,000 login attempts, of which 11,000 were one user. That's one of the problems - some broken (IMO) supplicants just keep trying. That individual's problem? A space on the end.
Number of unique usernames with random characters - '=', '/', '#', ';', ',', etc. You name it, it's probably there! - around 50.
Number of login attempts to *.3gppnetwork.org - over 3,000.
Out of interest, the total number of login attempts for the month? And the total number of rejects for the month? (So the above figures can be visualised as "percentage of total authentications" and "percentage of total rejects" respectively) A more general approach would be to throttle auth attempts for any particular username after a configured number of failures, which I think could be done quite efficiently using the new rlm_redis module - but that involves rather more work to set up than a simple regexp test. Regards, Brian.