Bruce Bodger wrote:
On Aug 15, 2008, at 5:39 PM, Charles Marcus wrote:
You're kidding, right?
Dictionary attacks are a fact of life these days.
Just install some kind of blocking on your firewall (fail2ban is a good one), and let it take care of the worst of it...
just make sure to get the expressions right.
fail2ban will not work for this as the incoming ip addresses are spoofed. fail2ban would end up blocking legitimate servers.
It doesn't matter. if a tcp attack involves a (remote) IP, you can block that IP (for some period of time). there's nothing else you can do unless you're ready to let it test all possible login:password pairs until it succeeds.
in particular, if this is an asymetric routing attack, then the attacker has some control of the remote IP or of its network. in which case, the IP is "dirty".
as for tcp hijacking, this is not so simple, and if it becomes easy, then we have a more serious problem than pop or smtp security...