Information
A minimum of 5 seconds should be used for the backoff factor.
Rationale:
Remote administration protocols like Telnet and SSH are commonly targeted by Brute Force or Dictionary attacks where a malicious user attempts to guess a valid username/password combination in order to gain control of the router. To slow down the rate at which an attacker can attempt to guess passwords Juniper routers can initiate a backoff timer when a user login fails more times than a configured threshold. Once initiated the backoff will not allow a further login attempt by the user for a configured (see next recommendation) period of time called the backoff factor. After the next failed login attempt further logins will not be allowed for the 2x the backoff factor, then 3x and so on.
Solution
Configure the backoff threshold using the following command under the [edit system] hierarchy:
[edit system]
user@host#set login retry-options backoff-factor
Default Value:
For most JUNOS version the default is to backoff factor of 5 seconds.