..::Block username after 3 failed authentications::..

Alan DeKok aland at deployingradius.com
Fri Sep 3 23:32:34 CEST 2010

Alfonso Alejandro Reyes Jiménez wrote:
>  Hi Everyone.
> I was wondering if there's some way to block the brute force attack. for
> example block the username after 3 invalid password attempts.
> This could be possible? if it's possible how?

  Store password tries in a database, and reject the user if he tries
more than 3 logins within a time.

  i.e. store data in a database.  FreeRADIUS is not a database.  Make
FreeRADIUS put information into the database, and read information from
the database.

  Alan DeKok.

More information about the Freeradius-Users mailing list