[Dovecot] No tcp wrappers, other ideas to help stop brute force attacks?

John Peacock jpeacock at rowman.com
Wed Aug 30 23:00:43 EEST 2006


David Rees wrote:
> Got any suggestions on an IDS which may be suitable? Can't really be
> part of the firewall as the firewall in this case is a separate system
> and doesn't have the capability to detect failed dovecot logins,
> especially if they are using SSL.

I'm still trying to figure that out for myself. ;-)  Not knowing what 
firewall you are using, at least some of them support programmatically 
adding forbidden hosts (I know that Watchguard does).

As far as IDS's, Snort:

	http://www.snort.org/

is one of the better known ones, and as soon as I can figure out how to 
slow the rotation of the Earth to provide for 50 hour days, I'll have 
some time to check it out... :0

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748


More information about the dovecot mailing list