[Dovecot] Dovecot under brute force attack - nice attacker

Steve steeeeeveee at gmx.net
Thu Jun 4 19:27:09 EEST 2009


> The Idea is good but I guess an option to just disconnect the attacker
> wouldn't hurt in the config file?
>
Is that not the wrong approach? I mean: all you wanted is to have a log entry showing when there was a username/password mismatch when logging in. And you found out that with normal logging options that log entry only shows up if the connection get's disconnected. Right? So would it not be better to have an option to log ANY username/password login mismatch even if the user/attacker does not disconnect?

 
> This would be much easier to detect/monitor on an upfront firewall/IDS.
>
A disconnect on TCP/IP level is easier to detect/monitor? How? Without logging or without inspecting the communication channel you are pretty much lost. Correct me if I am wrong.


> I agree that each service should care about its own security but some 
> of us have certain sw/hw in front which also should be able to detect
> such an attempt. By just delaying the next try I guess it will be tough
> to detect this upfront.
> 
> Henry
> 
Steve
-- 
GMX FreeDSL mit DSL 6.000 Flatrate und Telefonanschluss nur 17,95 Euro/mtl.!
http://dslspecial.gmx.de/freedsl-aktionspreis/?ac=OM.AD.PD003K11308T4569a


More information about the dovecot mailing list