Block vty connection for x period of time after x failed attempts

Unanswered Question
Sep 14th, 2010


I was wondering whether there was a way to dynamically block a vty session (telnet/ssh etc) for a period of time after x amount of failed login attempts using Cisco IOS? I don't believe there is, but I wanted a way to provide Internet connectivity to a router but stop DDoS attempts from filling up the available VTY lines and/or bots continually trying to log in.



goulin Tue, 10/12/2010 - 17:20

Hi Bastien,

Thanks for that. It is pretty close to what I am after... certainly better than leaving it open (I can use the ACL to allow only known addresses during a DDoS event).



