cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
789
Views
2
Helpful
3
Replies

What's the difference between "login block-for X attempts X within X" and "security authentication failure rate X"?

gravityfive
Level 1
Level 1

What's the difference between, just for example, "login block-for 100 attempts 15 within 100" and "security authentication failure rate 3"?

Please ignore the numbers, I need to know what the differences are in commands and what they do, what they affect.

3 Replies 3

mohanak
Cisco Employee
Cisco Employee

security authentication failure rate number_of_failed_attempts : A global configuration mode command used to specify the maximum number of failed attempts (in the range of 2 to 1024) before introducing a 15-second delay

login block-for 100 attempts 15 within 100 : Block all access after 15 failed login attempts within 100 Secs for the period of 100Secounds (1.40 Minutes).

The Cisco IOS Login Enhancements (Login Block) feature allows users to enhance the security of a router by configuring options to automatically block further login attempts when a possible denial-of-service (DoS) attack is detected.

The login block and login delay options introduced by this feature can be configured for Telnet or SSH virtual connections. By enabling this feature, you can slow down "dictionary attacks" by enforcing a "quiet period" if multiple failed connection attempts are detected, thereby protecting the routing device from a type of denial-of-service attack.

 

mohanak, thanks for the definitions.

These two commands seem to be redundant. They both introduce a delay or wait time after a specified number of failed login attempts. Why should I use one over the other? Are they meant for different purposes? If they serve identical purposes, why do they both exist? Especially since the login block-for command is much more powerful and customizable.

 

BTW, the "login delay" command makes ZERO sense to me, especially when considering these other two commands.

gravityfive
Level 1
Level 1

Bump. Anyone else have an explaination of why I would choose to use one of these commands over the other? They are both global configuration commands.