On 2013-09-02 5:11 PM, Noel noeldude@gmail.com wrote:
> It would be a lot easier to deploy if some sort of blocker were built into dovecot -- after X number of failures during Y seconds, fail all future attempts for the account for T seconds.
But again, totally blocking all AUTH attempts like that even blocks valid attempts by the real user.
Having a whitelist that tracks valid user+IP logins would prevent that.
> Maybe reset the timer on each attempt during the blackout period so the timer never expires on the persistent distributed brute force attacks. I suppose there would also need to be a way to whitelist IPs so the account owner can get in.
Ummm... maybe you didn't read what I wrote? That is what I meant by 'whitelist' in item 1... ;)
On 2013-09-02 9:59 PM, other@ahhyes.net wrote:
> Is there any way to limit the number of auth attempts allowed in a single session? The reason for this is because I have "fail2ban" set up to firewall out any IP addresses that repeatedly auth fails.
Is there a way to tell fail2ban to block connection attempts NOT based on IP, but based on other values or value combinations (like user+IP)?
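
The scheme discussed in this thread (X failures within Y seconds lock the account for T seconds, the timer restarts on every attempt made during the lockout, and user+IP pairs that have logged in successfully are whitelisted) is shown below as an added example; it is not part of the original messages and is not Dovecot or fail2ban code. The class, function and parameter names are hypothetical, and the events are constructed sample data.

```python
from collections import defaultdict, deque

class AuthThrottle:
    """X failures within Y seconds lock the account for T seconds."""
    def __init__(self, max_failures, window, lockout):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)  # user -> times of recent failures
        self.locked_until = {}              # user -> time the lockout ends
        self.known_good = set()             # (user, ip) pairs that logged in before

    def allowed(self, user, ip, now):
        # Decide whether this attempt may reach the password check at all.
        if (user, ip) in self.known_good:
            return True  # whitelisted pair bypasses the account-wide lockout
        if now < self.locked_until.get(user, 0.0):
            # An attempt during the blackout restarts the timer, so a
            # persistent distributed attack never sees the lockout expire.
            self.locked_until[user] = now + self.lockout
            return False
        return True

    def record(self, user, ip, success, now):
        # Record the outcome of an attempt that was allowed through.
        if success:
            self.known_good.add((user, ip))
            return  # failures are left to age out, not cleared by a success
        recent = self.failures[user]
        recent.append(now)
        while now - recent[0] > self.window:
            recent.popleft()  # forget failures older than Y seconds
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lockout

def replay(events, throttle):
    """Feed (time, user, ip, password_ok) events through the throttle."""
    results = []
    for now, user, ip, password_ok in events:
        if throttle.allowed(user, ip, now):
            throttle.record(user, ip, password_ok, now)
            results.append("ok" if password_ok else "fail")
        else:
            results.append("blocked")
    return results

# Constructed sample: documentation-range IPs, times in seconds.
SAMPLE_EVENTS = [
    (0, "alice", "198.51.100.7", True),    # owner's usual IP, becomes whitelisted
    (10, "alice", "203.0.113.1", False), (11, "alice", "203.0.113.2", False),
    (12, "alice", "203.0.113.3", False),   # third failure in 60 s: locked to 112
    (20, "alice", "203.0.113.4", True),    # right password, new IP: blocked
    (30, "alice", "198.51.100.7", True),   # whitelisted pair still gets in
    (115, "alice", "203.0.113.5", False),  # timer was reset to 120: blocked
]
```

In this example a whitelisted pair skips only the account-wide lockout, so per-IP limits such as a fail2ban jail would still be needed for repeated failures from a known address.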