I think it is a good idea to block after so many attempts. But many distributed 
dictionary attacks only attempt two to three passwords on a given name from a 
given IP address. There are many ways around what you are proposing. It only 
slows down the attack or blocks out your legitimate users from accessing their 
accounts.

Blocking on a certain number of unknown users is just a futile and has the same 
problems with blocking legitimate users. It will only slow down the attack not 
stop it.

Slowing it down would be a good start.

Kevin Bilbee



> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Imail_Forum-
> [EMAIL PROTECTED] On Behalf Of John T (Lists)
> Sent: Tuesday, August 15, 2006 3:57 PM
> To: [email protected]
> Subject: RE: [IMail Forum] POP3 Security / DOS Attack
> 
> Trying to defeat such an attack with pure resource power is going to be
> a losing battle. There must be a mechanism in place to stop the attack,
> not just overcome it.
> 
> Going by your logic, there is no need for denying an IP on incoming
> traffic after so many unknown users.
> 
> John T
> eServices For You
> 
> "Seek, and ye shall find!"
> 
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:Imail_Forum-
> > [EMAIL PROTECTED] On Behalf Of Kevin Bilbee
> > Sent: Tuesday, August 15, 2006 3:16 PM
> > To: [email protected]
> > Subject: RE: [IMail Forum] POP3 Security / DOS Attack
> >
> > The only way you can stop something like this is to block the IP
> address.
> If it is
> > coming from multiple sources then you need the power to withstand the
> attack and
> > hope none of your accounts are compromised. That is why it is so
> > important
> that
> > strong passwords are enforced and that IPSwitch should really heed
> the
> thread last
> > month on strong password enforcement.
> >
> >
> > Kevin Bilbee
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:Imail_Forum-
> > > [EMAIL PROTECTED] On Behalf Of Archer Koch
> > > Sent: Tuesday, August 15, 2006 2:47 PM
> > > To: [email protected]
> > > Subject: RE: [IMail Forum] POP3 Security / DOS Attack
> > >
> > > Gentlemen:
> > >
> > > I do truly appreciate your responses.  However, I hope that you
> > > aren't missing the bigger picture.  Should we all not be feeling
> > > immensely vulnerable right now?  What happens as this form of
> attack
> > > gains momentum?
> > > Granted, this appears to be an isolated incident at the moment.
> But
> > > it was a successful DOS attack that will (in all probability) be
> repeated.
> > > Your Imail server might be next.  What will you do?
> > >
> > > I called Ipswitch, but they didn't seem overly concerned.  I
> > > submitted a longer excerpt from the log and will sit here holding
> my
> > > breath.  It may very well take a catastrophe to get people riled up
> > > enough for this to get some serious attention.  I'd much prefer a
> > > more proactive approach, however.
> > >
> > > Archer
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Dave
> > > Doherty
> > > Sent: Tuesday, August 15, 2006 2:04 PM
> > > To: [email protected]
> > > Subject: Re: [IMail Forum] POP3 Security / DOS Attack
> > >
> > > It's SBC. They'll probably listen:
> > >
> > > <snip>
> > >
> > > ----- Original Message -----
> > > From: "Kevin Bilbee" <[EMAIL PROTECTED]>
> > > To: <[email protected]>
> > > Sent: Tuesday, August 15, 2006 4:48 PM
> > > Subject: RE: [IMail Forum] POP3 Security / DOS Attack
> > >
> > >
> > > Also, if possible, lookup the owner of the IP and report he abuse
> to
> > > them if
> > >
> > > they are willing to listen.
> > >
> > >
> > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > > List Archive: http://www.mail-
> > > archive.com/imail_forum%40list.ipswitch.com/
> > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> >
> >
> >
> > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > List Archive:
> > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
> 
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-
> archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Reply via email to