21 Jul 2010, 4:32 p.m.
On 07/21/2010 03:06 PM Leonardo Rodrigues wrote:
I was thinking of something like ...
- After N tries (let's say 10, for example) of wrong username/password combinations, dovecot could start delaying the answers for wrong authentications coming from that specific IP address or IP/username, thus slowing down the brute-force attacks;
1.1) or even, after some M (let's say 20, for example) wrong username/password combinations, dovecot could ban that IP address (or IP address/username combination, to avoid problems with big networks with NAT access) for XX seconds/minutes, also slowing down the brute-force attempts;
1.2) this could probably be implemented using some in-memory internal backend, so it would be absolutely independent of the passdb schema and would require no modifications to the passdb schema.
Install dovecot 2.0.rc3 and try to 'break in'. You will see how dovecot
slows down your 'attack'. When you test it with your botnet ( ;-) ), use
doveadm penalty
to see current penalties.
Regards, Pascal
The trapper recommends today: deadbeef.1020215@localdomain.org
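The quoted proposal (delay after N failures, refuse after M, keyed by IP or IP+username so NAT'd networks are not punished collectively, kept in memory with no passdb changes) is small enough to sketch as a working model. The following is an added example written for this page; it is not Dovecot's code and does not reproduce Dovecot's anvil/penalty implementation. The class and policy names, the thresholds, the exponential back-off, the choice to clear the counter on a successful login, and the sample address 203.0.113.5 and usernames are all assumptions made for the illustration.

```python
"""Toy in-memory authentication-penalty tracker.

Constructed example illustrating the scheme proposed in the quoted message
(delay after N failures, ban after M, keyed by IP or IP+username, no passdb
changes). It is not Dovecot's code and does not reproduce its anvil/penalty
implementation; all names and numbers are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Key = Tuple[str, Optional[str]]


@dataclass
class PenaltyPolicy:
    delay_after: int = 10           # N: start delaying once this many failures are seen
    ban_after: int = 20             # M: refuse outright once this many failures are seen
    ban_seconds: float = 300.0      # XX: how long a ban lasts
    window_seconds: float = 3600.0  # failures older than this are forgotten
    max_delay: float = 30.0         # cap on the per-attempt delay


@dataclass
class _Entry:
    failures: int = 0
    last_failure: float = 0.0
    banned_until: Optional[float] = None


class PenaltyTracker:
    """Keeps failure counts in memory, independent of any passdb backend."""

    def __init__(self, policy: Optional[PenaltyPolicy] = None, per_user: bool = True) -> None:
        self.policy = policy or PenaltyPolicy()
        # per_user=True keys on (ip, username) so one bad client behind a
        # large NAT does not penalise everyone sharing its address.
        self.per_user = per_user
        self._table: Dict[Key, _Entry] = {}

    def _key(self, ip: str, username: str) -> Key:
        return (ip, username if self.per_user else None)

    def _live_entry(self, key: Key, now: float) -> Optional[_Entry]:
        """Return the entry for key, expiring stale ones as a side effect."""
        e = self._table.get(key)
        if e is None:
            return None
        if e.banned_until is not None:
            if now < e.banned_until:
                return e
            del self._table[key]           # ban served: start fresh
            return None
        if now - e.last_failure > self.policy.window_seconds:
            del self._table[key]           # old failures no longer count
            return None
        return e

    def check(self, ip: str, username: str, now: float) -> Tuple[bool, float]:
        """Consult before answering an auth request.

        Returns (allowed, seconds): allowed=False means refuse (seconds = ban
        time remaining); allowed=True with seconds > 0 means answer, but only
        after sleeping that long.
        """
        e = self._live_entry(self._key(ip, username), now)
        if e is None:
            return True, 0.0
        if e.banned_until is not None:
            return False, e.banned_until - now
        over = e.failures - self.policy.delay_after
        if over < 0:
            return True, 0.0
        # exponential back-off: 1s, 2s, 4s, ... capped at max_delay
        return True, min(self.policy.max_delay, float(2 ** over))

    def record_failure(self, ip: str, username: str, now: float) -> int:
        """Count a wrong username/password; returns the new failure count."""
        key = self._key(ip, username)
        e = self._live_entry(key, now) or _Entry()
        e.failures += 1
        e.last_failure = now
        if e.failures >= self.policy.ban_after and e.banned_until is None:
            e.banned_until = now + self.policy.ban_seconds
        self._table[key] = e
        return e.failures

    def record_success(self, ip: str, username: str) -> None:
        """A correct login clears the counter (a policy choice, not a requirement)."""
        self._table.pop(self._key(ip, username), None)

    def penalties(self, now: float) -> List[Tuple[Key, int, Optional[float]]]:
        """Snapshot of current penalties, in the spirit of what `doveadm penalty` shows."""
        out = []
        for key in list(self._table):
            e = self._live_entry(key, now)
            if e is not None:
                out.append((key, e.failures, e.banned_until))
        return out
```

In use, the auth front end calls `check()` before looking up the passdb, sleeps for the returned seconds (or refuses while banned), and then calls `record_failure()` or `record_success()` depending on the outcome. Two things worth keeping in mind with any such scheme: the delay must be applied to wrong answers only, or it becomes a denial-of-service lever against legitimate users, and clearing the counter on success means an attacker who already holds one valid credential can reset their own penalty, so a deployment may prefer to decay counters by time alone.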