Mail account brute force / harassment

Odhiambo Washington odhiambo at gmail.com
Thu Apr 11 13:53:54 EEST 2019


Marc,

There is a strategy loosely referred to as "choose your battles well" :-)
Let the others bother with their own problems.
If you can, hack the server and dump the 500GB - you'll be using resources
transferring the 500GB as the other server receives it. Two servers wasting
resources because you think you are punishing an offender!


On Thu, 11 Apr 2019 at 13:43, Marc Roos <M.Roos at f1-outsourcing.eu> wrote:

> Please do not assume anything other than what is written, it is a
> hypothetical situation
>
>
> A. With the fail2ban solution
>    - you 'solve' that the current ip is not able to access you
>    - it will continue bothering other servers and admins
>    - you get the next abuse host to give a try.
>
> B. With 500GB dump
>  - the owner of the attacking server (probably hacked) will notice it
> and will be forced to take action.
>
>
> If abuse clouds are smart (most are) they would notice that attacking my
> servers will result in the loss of abuse nodes, hence they will not
> bother me anymore.
>
> If everyone would apply strategy B, the abuse problem would get less.
> Don't you agree??
>
>
> -----Original Message-----
> From: Odhiambo Washington
> Sent: donderdag 11 april 2019 12:28
> To: Marc Roos
> Cc: dovecot
> Subject: Re: Mail account brute force / harassment
>
>
>
> On Thu, 11 Apr 2019 at 13:24, Marc Roos via dovecot
> <dovecot at dovecot.org> wrote:
>
>
>
>
>         Say for instance you have someone trying to constantly access an
>         account
>
>
>         Has any of you made something creative like this:
>
>         * configure that account to allow to login with any password
>         * link that account to something like /dev/zero that generates
>           an infinite amount of messages
>           (maybe send an archive of viruses?)
>         * transferring TB's of data to this harassing client.
>
>         I think it would be interesting to be able to do such a thing.
>
>
>
>
> Instead of being evil, just use fail2ban to address this problem :-)
>
> --
>
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft.", grep ^[^#] :-)
>
>
>

-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)