On 2013-06-09, Cyborg <[email protected]> wrote:
> Am 09.06.2013 05:08, schrieb Todd Lyons:
>> On Fri, Jun 7, 2013 at 7:42 AM, Ian Eiloart <[email protected]> wrote:
>>>> Suppose we reconfigured servers with no authentication configuration to
>>>> advertise that they take authentication and that you have a fake
>>>> authenticator that accepts any password.
>>> It might be better to accept only, say, 1% of authentication attempts. That
>>> would prevent the hacker from trivially detecting your trap (by
>>> authenticating to the same account with two different passwords).
>> Even better: accept that 1%, store that info, and then wait for IPs
>> to connect using that username and password combination (and either
>> reject it or blackhole it, your choice) and use long delays for
>> systems that connect with that user/pass combo.
>>
>
> One small problem with that: if you accept 1% of all connections, you
> have to make sure that already authenticated username/password combos
> are not rejected. Anyone would notice it if try #1 succeeds and #2 #3 #4
> #5 do not.
>
> Honeypots aren't that simple to set up :)
>
> Marius
Perhaps use hashing to match usernames and passwords:
first_three_characters( md5 ( username + password + salt ) ) = 444

-- 
⚂⚃ 100% natural

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
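The hashing idea above, worked through as an added example (not code from the list post or from Exim): the fake authenticator answers from a keyed hash of the username/password pair, so a given pair always gets the same verdict and a probe cannot expose the trap by re-trying an "accepted" pair, and roughly 1% of pairs land in the accepting bucket. HMAC-SHA256 with a secret salt is substituted for the plain md5(username + password + salt) of the post; `SALT`, `BUCKETS`, the tarpit logic and all sample credentials are constructed assumptions for illustration.

```python
import hashlib
import hmac
import random
import string

# Constructed secret for illustration; a real deployment keeps it out of source.
SALT = b"example-honeypot-salt"

# Accept about 1 in 100 credential pairs (the "1%" from the thread).
BUCKETS = 100


def credential_bucket(username: str, password: str, salt: bytes = SALT) -> int:
    """Deterministically map a username/password pair to a bucket 0..BUCKETS-1.

    A keyed MAC (HMAC-SHA256) replaces the post's md5(user+pass+salt): without
    the secret the verdict cannot be reproduced offline, and the NUL separator
    keeps ("ab", "c") and ("a", "bc") from hashing to the same input.
    """
    msg = username.encode() + b"\x00" + password.encode()
    digest = hmac.new(salt, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % BUCKETS


def honeypot_accepts(username: str, password: str, salt: bytes = SALT) -> bool:
    """The fake authenticator's verdict: accept iff the pair falls in bucket 0.

    The answer depends only on the pair and the secret, so retrying the same
    guess always yields the same answer (Marius's consistency requirement).
    """
    return credential_bucket(username, password, salt) == 0


def on_login_attempt(username: str, password: str, src_ip: str, seen: dict) -> str:
    """Todd's follow-up: remember where an 'accepted' pair was first used and
    tarpit later connections that present the same pair from a different IP.

    `seen` maps a credential bucket key to the first source IP; only the HMAC
    is stored, never the plaintext password. Returns 'accept', 'reject' or
    'tarpit' (the caller decides what a long delay or blackhole looks like).
    """
    if not honeypot_accepts(username, password):
        return "reject"
    key = hmac.new(SALT, username.encode() + b"\x00" + password.encode(),
                   hashlib.sha256).hexdigest()
    first_ip = seen.setdefault(key, src_ip)
    return "accept" if first_ip == src_ip else "tarpit"


def acceptance_rate(n: int = 20_000, seed: int = 1) -> float:
    """Estimate the accept rate over n random constructed credential pairs."""
    rng = random.Random(seed)
    alphabet = string.ascii_lowercase + string.digits
    accepted = 0
    for _ in range(n):
        user = "".join(rng.choices(alphabet, k=8))
        pw = "".join(rng.choices(alphabet, k=10))
        if honeypot_accepts(user, pw):
            accepted += 1
    return accepted / n


if __name__ == "__main__":
    print("estimated accept rate:", acceptance_rate())
    seen = {}
    # Find a constructed pair that the trap accepts, then replay it from elsewhere.
    i = 0
    while not honeypot_accepts("alice", f"guess{i}"):
        i += 1
    print(on_login_attempt("alice", f"guess{i}", "198.51.100.7", seen))
    print(on_login_attempt("alice", f"guess{i}", "203.0.113.9", seen))
```

The bucket count, not the hash, sets the acceptance rate: `BUCKETS = 100` gives about 1%, while the post's "first three hex characters = 444" would accept about 1 in 4096. Keeping the decision keyed means an attacker who reads the server's configuration still cannot precompute which guesses the trap will "accept".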
