 Sentinel Premium join:2001-02-07 Florida kudos:1 | Old Zywall setting still needed?
On my old Zywall 10 I used to do the following command in CI mode to strengthen the password from a brute force attack:
sys pwderrtm 5
I did it in my z2+ as well and it seems to work.
1. Does anyone know if this setting stays present on reboot, or if I have to edit the autoexec file to add it permanently?
2. Does the newer firmware of the Z2+ still need this setting, or is it default now? |
|
 StuartMW Who Is John Galt? Premium join:2000-08-06 Galt's Gulch
| said by Sentinel: ...following command in CI mode to strengthen the password from a brute force attack:
sys pwderrtm 5
That command doesn't "strengthen the password" as such but controls the amount of time before another attempt can be made if it's entered incorrectly. It's in minutes (5 in this case).
I just logged into my 2+ and tried
ZyWALL2+> sys pwderrtm
There is no password error timeout
I also checked autoexec.net and that has no reference to it.
So, to answer your question you need to add it to your autoexec.net
-- Don't feed trolls--it only makes them grow! |
|
 Sentinel Premium join:2001-02-07 Florida kudos:1 | Right, that's what I meant by brute force attack. If someone tries a password guessing program it thwarts them because after a certain number of tries it locks them out for a set period of time.
Crap, I was afraid of that. I hate editing the autoexec. Can I just add it at the end or do I have to put it in a certain place? |
|
 StuartMW Who Is John Galt? Premium join:2000-08-06 Galt's Gulch
| said by Sentinel: Can I just add it at the end...
Yes.
-- Don't feed trolls--it only makes them grow! |
|
 Sentinel Premium join:2001-02-07 Florida kudos:1 | Thanks, but I think I just realized why this is not set by default and no one else seems to set it. If I disable remote administration from the WAN side then no one can access from the internet at all. They never even get to the login screen; correct?
So this setting would only really do anything to people on my LAN that are trying to access the router. I don't worry about people on my LAN, so this setting doesn't seem important. |
|
 StuartMW Who Is John Galt? Premium join:2000-08-06 Galt's Gulch
| said by Sentinel: If I disable remote administration from the WAN side then no one can access from the internet at all.
Correct. My 2+ is not accessible, at all (even to me), from the WAN side. Even from the LAN side I have HTTP, Telnet and FTP disabled. I either access it directly via the serial port, SSH (secure Telnet) or HTTPS (using a common certificate).
So this setting would only really do anything to people on my LAN that are trying to access the router.
Correct.
-- Don't feed trolls--it only makes them grow! |
|