In Oracle Database 11G there is a new 'feature' related to hacking prevention:
A hacker may attempt a brute force hack to break into your Oracle Database. In this case they try constant logons to the database using some form of a word list. Oracle 11g includes a logon delay that takes effect after the third failed password entry attempt. This makes the brute force hacking more difficult. After the third failed logon attempt, Oracle will incrementally delay subsequent logon or password prompts up to a maximum of 10 seconds. No delay will occur if the logon is successful.
BUT there is a problem/bug , until OracleDatabase version 126.96.36.199 ( or 188.8.131.52.5 - not yet released ) . You can encounter this bug and experience high library cache contention , when you have both users connecting with good passwords and users connecting with bad passwords :