[Dovecot] Dovecot under brute force attack - nice attacker
henry ritzlmayr
dovecot at rc0.at
Thu Jun 4 19:13:04 EEST 2009
> > Question:
> > Is there any way to close the connection after the
> > first wrong user/pass combination. So an attacker would be forced
> > to reopen it?
>
> I think the growing delay is a better idea.
The Idea is good but I guess an option to just disconnect the attacker
wouldn't hurt in the config file?
This would be much easier to detect/monitor on an upfront firewall/IDS.
I agree that each service should care about its own security but some
of us have certain sw/hw in front which also should be able to detect
such an attempt. By just delaying the next try I guess it will be tough
to detect this upfront.
Henry
More information about the dovecot
mailing list