David Rees wrote:
Got any suggestions on an IDS which may be suitable? Can't really be part of the firewall as the firewall in this case is a separate system and doesn't have the capability to detect failed dovecot logins, especially if they are using SSL.
I'm still trying to figure that out for myself. ;-) Not knowing what firewall you are using, at least some of them support programmatically adding forbidden hosts (I know that Watchguard does).
As far as IDS's, Snort:
http://www.snort.org/is one of the better known ones, and as soon as I can figure out how to slow the rotation of the Earth to provide for 50 hour days, I'll have some time to check it out... :0
John
-- John Peacock Director of Information Research and Technology Rowman & Littlefield Publishing Group 4501 Forbes Boulevard Suite H Lanham, MD 20706 301-459-3366 x.5010 fax 301-429-5748