[Dovecot] POP3 dictionary attacks

Kenneth Porter shiva at sewingwitch.com
Sat Aug 16 03:08:08 EEST 2008


--On Friday, August 15, 2008 5:51 PM -0400 Bruce Bodger 
<bruce.bodger at demval.com> wrote:

> fail2ban will not work for this as the incoming ip addresses are
> spoofed.  fail2ban would end up blocking legitimate servers.

How do you spoof a source address on a TCP connection? I was unaware that 
was possible. How would replies know how to get back to the spoofing host? 
At best, you can spoof another host on your own routed segment. Unless you 
have control of the routing tables on the connecting routers, of course.



