[Dovecot] SQL/LDAP Lockouts?
Ben Beuchler
insyte at emt-p.org
Fri Dec 10 19:32:56 EET 2004
On Fri, Dec 10, 2004 at 11:29:42AM -0600, Ben Beuchler wrote:
> > 1) If you get a good auth, you're in
> > 2) If you get a bad auth, or the response takes more than n
> > milliseconds/seconds, try the next password
>
> Is there any reason to make tarpitting logic non-persistent? It seems a
> robust implementation would keep track of IPs that have failed logins.
> Removing the record, of course, at the first successful login.
This would, of course, be potentially vulnerable to a distributed
attack...
--
Ben Beuchler There is no spoon.
insyte at emt-p.org -- The Matrix
More information about the dovecot
mailing list