Re: I was "hacked" via RDP
"I had a discussion once about the concept of doubling the time between login attempts:
start with a 1 second re-try and double the time for every wrong login attempt. Has anybody ever implemented this?"
VMS introduced an intrusion detection system back in 1984 (VMS V4.0). It would automagically disable logins when the number of login failures exceeded a predefined limit within a short space of time, and there was a random element to that, to make life a bit more difficult for attackers.
It filtered on login source, so for example network logins from a particular workstation or a modem line could be disabled while logins from a local serial connection weren't. It was parameter driven so you could customise its behaviour
By default logins would be re-enabled after some random time, so you weren't locked out permanently, again configuration parameter driven.
Early versions of the documentation omitted or carefully hid the command to re-enable logins manually (e.g. after a user rang up to say they'd locked themselves out), which led to much frustration when the Messages User Guide had it that the remedy was "Contact your System Manager", and you were that person.
Biting the hand that feeds IT
