[Dovecot] SQL/LDAP Lockouts?

Ben Beuchler insyte at emt-p.org
Fri Dec 10 19:32:56 EET 2004


On Fri, Dec 10, 2004 at 11:29:42AM -0600, Ben Beuchler wrote:

> > 1) If you get a good auth, you're in
> > 2) If you get a bad auth, or the response takes more than n
> > milliseconds/seconds, try the next password
> 
> Is there any reason to make tarpitting logic non-persistent?  It seems a
> robust implementation would keep track of IPs that have failed logins.
> Removing the record, of course, at the first successful login.

This would, of course, be potentially vulnerable to a distributed
attack...

-- 
Ben Beuchler                                           There is no spoon.
insyte at emt-p.org                                            -- The Matrix


More information about the dovecot mailing list