ヨタ助


Friday, December 31, 2010

11.29 IOS Login Enhancements

login quiet-mode access-class ACL#
With this command, the exemption applies only to the source address. A source that does not match a permit entry in the ACL naturally cannot connect while the router is in quiet-mode, but even a source that matches a permit entry is kicked out after a single failed login attempt, and the quiet-mode timer is re-applied for the configured duration (40 seconds in the example below).

R3 Configuration

access-list 1 permit 150.1.5.5

login block-for 40 attempts 3 within 30
login delay 2
login quiet-mode access-class 1
login on-failure log every 3
login on-success log

username TEST password 0 TEST

Verification

Attempt a telnet login from R5 to R3
Rack1R5#telnet 150.1.3.3                     
Trying 150.1.3.3 ... Open

Rack1R5#
User Access Verification

Username: fe
Password:
% Login invalid

Username: fea
Password:
% Login invalid

Username: fea
Password:
% Login invalid

[Connection to 150.1.3.3 closed by foreign host]

*** 3 failed logins from a source address other than 150.1.5.5 ***

Rack1R5#telnet 150.1.3.3 /source-interface lo0
Trying 150.1.3.3 ... Open


User Access Verification

Username: TEST
Password:
% Login invalid
*** Because the source address 150.1.5.5 is exempted, the login attempt gets through. However, only one login attempt is allowed; after one failure the session is kicked out ***

[Connection to 150.1.3.3 closed by foreign host]
Rack1R5#telnet 150.1.3.3 /source-interface lo0
Trying 150.1.3.3 ... Open


User Access Verification

Username: fa
Password:
% Login invalid

[Connection to 150.1.3.3 closed by foreign host]



Log output on R3 for the case above
*Mar  1 01:29:22.355: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: fa] [Source: 150.1.5.5] [localport: 23] [Reason: Login Authentication Failed - BadUser] at 01:29:22 UTC Fri Mar 1 2002
*Mar  1 01:29:22.363: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching failures is 0 secs, [user: fa] [Source: 150.1.5.5] [localport: 23] [Reason: Login Authentication Failed - BadUser] [ACL: 1] at 01:29:22 UTC Fri Mar 1 2002

Rack1R3#sh login
     A login delay of 2 seconds is applied.
     Quiet-Mode access list 1 is applied.
     All successful login is logged.
     Every 3 failed login is logged.

     Router enabled to watch for login Attacks.
     If more than 3 login failures occur in 30 seconds or less,
     logins will be disabled for 40 seconds.

     Router presently in Quiet-Mode.
     Will remain in Quiet-Mode for 37 seconds.
     Restricted logins filtered by applied ACL 1.

Rack1R3#sh login
     A login delay of 2 seconds is applied.
     Quiet-Mode access list 1 is applied.
     All successful login is logged.
     Every 3 failed login is logged.

     Router enabled to watch for login Attacks.
     If more than 3 login failures occur in 30 seconds or less,
     logins will be disabled for 40 seconds.

     Router presently in Quiet-Mode.
     Will remain in Quiet-Mode for 36 seconds.
     Restricted logins filtered by applied ACL 1.
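The R3 log above is what a syslog collector would see when quiet-mode is re-armed by the one address the ACL exempts. The script below is an added example (it is not from this post and not Cisco code): it parses the %SEC_LOGIN-4-LOGIN_FAILED and %SEC_LOGIN-1-QUIET_MODE_ON lines shown above, counts failures per source, and flags any QUIET_MODE_ON event whose source is in the quiet-mode ACL's permit list, because a failure from an exempt address is the case where the exemption buys nothing and the quiet-mode timer simply restarts. The two R3 lines are copied from the post; the third SEC_LOGIN line and the %SYS line are constructed sample input, and the exempt set is taken from "access-list 1 permit 150.1.5.5".

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Matches the %SEC_LOGIN messages shown on this page. Every bracketed field is
# optional so that a LOGIN_FAILED line and a QUIET_MODE_ON line (which carries
# an extra [ACL: n] field) parse with the same expression.
SEC_LOGIN_RE = re.compile(
    r"%SEC_LOGIN-(?P<sev>\d)-(?P<mnemonic>[A-Z_]+): (?P<text>.*?)"
    r"(?:\[user: (?P<user>[^\]]*)\] )?"
    r"(?:\[Source: (?P<src>[^\]]+)\] )?"
    r"(?:\[localport: (?P<port>\d+)\] )?"
    r"(?:\[Reason: (?P<reason>[^\]]+)\] )?"
    r"(?:\[ACL: (?P<acl>\d+)\] )?"
    r"at (?P<when>.+)$"
)

# Addresses permitted by the quiet-mode access-class ACL on R3 (access-list 1).
EXEMPT_SOURCES = {"150.1.5.5"}

# First two lines are the R3 log from the post; the last two are constructed.
SAMPLE_LOG = [
    "*Mar  1 01:29:22.355: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: fa] "
    "[Source: 150.1.5.5] [localport: 23] "
    "[Reason: Login Authentication Failed - BadUser] at 01:29:22 UTC Fri Mar 1 2002",
    "*Mar  1 01:29:22.363: %SEC_LOGIN-1-QUIET_MODE_ON: Still timeleft for watching "
    "failures is 0 secs, [user: fa] [Source: 150.1.5.5] [localport: 23] "
    "[Reason: Login Authentication Failed - BadUser] [ACL: 1] at 01:29:22 UTC Fri Mar 1 2002",
    # constructed: a failure from a non-exempt address
    "*Mar  1 01:31:05.101: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] "
    "[Source: 150.1.5.9] [localport: 23] "
    "[Reason: Login Authentication Failed - BadUser] at 01:31:05 UTC Fri Mar 1 2002",
    # constructed: unrelated syslog noise that must be ignored
    "*Mar  1 01:31:40.000: %SYS-5-CONFIG_I: Configured from console by console",
]


@dataclass
class SecLoginEvent:
    mnemonic: str
    user: Optional[str]
    src: Optional[str]
    reason: Optional[str]
    acl: Optional[str]
    when: str


def parse_sec_login(line: str) -> Optional[SecLoginEvent]:
    """Return a structured event for a %SEC_LOGIN line, or None for other messages."""
    m = SEC_LOGIN_RE.search(line)
    if not m:
        return None
    return SecLoginEvent(m["mnemonic"], m["user"], m["src"], m["reason"], m["acl"], m["when"])


def summarize(lines: List[str], exempt: set) -> Tuple[Dict[str, int], List[SecLoginEvent]]:
    """Count LOGIN_FAILED events per source and collect QUIET_MODE_ON events
    raised by a source the quiet-mode ACL exempts.

    Note: with 'login on-failure log every 3' the router emits a LOGIN_FAILED
    line only every third failure, so the counts are a lower bound.
    """
    failures: Dict[str, int] = {}
    exempt_rearms: List[SecLoginEvent] = []
    for line in lines:
        ev = parse_sec_login(line)
        if ev is None:
            continue
        if ev.mnemonic == "LOGIN_FAILED" and ev.src:
            failures[ev.src] = failures.get(ev.src, 0) + 1
        elif ev.mnemonic == "QUIET_MODE_ON" and ev.src in exempt:
            exempt_rearms.append(ev)
    return failures, exempt_rearms


if __name__ == "__main__":
    counts, rearms = summarize(SAMPLE_LOG, EXEMPT_SOURCES)
    for src, n in sorted(counts.items()):
        print(f"{src}: {n} logged failure(s)")
    for ev in rearms:
        print(f"quiet-mode re-armed by exempt source {ev.src} (user {ev.user}, ACL {ev.acl}) at {ev.when}")
```

Run it as a script to see the per-source counts and the exempt re-arm taken from the post's log; feed it a real syslog file instead of SAMPLE_LOG to apply the same check to your own routers.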
