On Fri 27/Feb/2015 15:26:03 +0100 Jan Ingvoldstad wrote: > On Fri, Feb 27, 2015 at 12:05 PM, Alessandro Vesely <[email protected]> wrote: >> >> but would it be worth? >> > Use case 1: > > Hi, this is $customer, > > could you please provide a log for which IP addresses have tried to logon > as $user?
The complete list of IP addresses would do. You cannot tell whether the password, the userid, or both were wrong. IME, intrusion attempts --where both tokens are being guessed-- are somewhat more frequent than honest mistyping, but discerning which is which is not always obvious, and needs human judgment. > Use case 2: > > Dear $customer, > > we have regretfully had to block your IMAP account $user due to too many > invalid login attempts. The login attempts came from the following IP > addresses: > > $IP1 > $IP2 > ... > IPn I had thought something similar myself. However, the IP list is not going to be meaningful for most customer. What I'd thought instead is a kind of smart password-policy reminder, something along the lines of: Dear $customer, please change your password ASAP, because there have been $entropy attempts and it is likely to be cracked in $time days from now. Afterwards, I realized that's not needed yet, albeit userid-guessing has slightly improved. For SMTP, stolen passwords get deployed with no prior failed login attempts. > Use case 3: > > Dear $abusedept, > > your IP address $IP has been involved in multiple login attempts to > numerous IMAP accounts, and we have therefore been forced to block access > from it. Just block them. ISP's abuse teams don't even reply, except for automated stuff. They're usually unable to contact their users, and do nothing even with zombie reports. Typically, you cannot identify people by the IP addresses they use, except if they have to use fixed IPs. In that case, auto-blocking after 3 failed attempts forces them to call and explain. Ale -- ------------------------------------------------------------------------------ Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
