On Fri, Jun 7, 2013 at 7:42 AM, Ian Eiloart <[email protected]> wrote: > >> Suppose we reconfigured servers with no authentication configuration to >> advertise that they take authentication and that you have a fake >> authenticator that accepts any password. > It might be better to accept only, say, 1% of authentication attempts. That > would prevent the hacker from trivially detecting your trap (by > authenticating to the same account with two different passwords).
Even better: accept that 1%, store that info, and then wait for IP's to connect using that username and password combination (and either reject it or blackhole it, your choice) and use long delays for systems that connect with that user/pass combo. The resulting data will tie together methods/sources of password cracking with the exploited systems that try to abuse it. ...Todd -- The total budget at all receivers for solving senders' problems is $0. If you want them to accept your mail and manage it the way you want, send it the way the spec says to. --John Levine -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
