Email/System Notification on failed Attempted Login (Lockout) - $75 USD (Paid)

Visseroth

I know I have another thread going. Guess I was hoping there was a change, but there isn't.
So I was hoping to start a bounty on this. I don't know what anyone would be asking or how many would pitch in.

It would be handy and nice to have a system alert/email (if enabled) when the system blocks a login attempt that causes a blacklist/lockout of a IP that attempted to many times to log into the system.

This could happen from a "friendly" machine on a local network, from someone being malicious on the www, could happen anywhere, but having the system throw a notification/email would be handy.

It doesn't have to occur with every failed login attempt, more specifically when the system blocks the user or IP.

Anyone else?
I'd be willing to start at $50, not sure whom to pay it to.

loonylion

You're talking about failed logins to the WebUI or SSH?

kpa

There's just one question you'd have to answer first.

Why is your management interface exposed to a hostile network?

Visseroth

Loonylion: Either/Both? My thought was if the system blocks or rejects a login attempt and does a lockout it should flag it and pop up a notification and send a email if email is setup.

kpa: It's not. But in the past somehow, and I'm not sure how either or both has been exposed to the www which allowed for an attack. Point being I didn't know about it until much later, nor was there any indicator of it. Even if the management interface was on a private vlan with special rules blocking such access, if there was an attempt I still wouldn't know about it unless I went digging through the logs looking for it.

The idea behind this is to say, "Hey stupid!, you didn't do something right and now someone has been blocked from accessing your appliance!" because as of right now the only thing saying such things is the logs. And if a administrator failed to set something correctly and doesn't look the logs over around the same time as the attack, there's no indication it ever occurred.

Heck, even APC SNMP cards send alerts on SNMP sniffing, failed logins, ect. You would think a firewall, being a security appliance would have the same basic notification to let the administrator know that something isn't right and needs to be corrected/investigated further.

loonylion

OK, I'll see what I can come up with. I was simply checking that I understood what you were asking for.

Visseroth

Wow! Nice! Thank you so very much! I know $50 is jack squat, but I believe this to be a minor but important feature.
And where do I send the $$?

Visseroth

Paid - Waiting on results
Thank you loonylion!!!

loonylion

Payment received and solution has been submitted to OP for testing.

Visseroth

Thanks a ton! Hopefully others will be thankful as well.
Testing the SSH notification now as well.