I think it is a good idea to block after so many attempts. But many distributed dictionary attacks only attempt two to three passwords on a given name from a given IP address. There are many ways around what you are proposing. It only slows down the attack or blocks out your legitimate users from accessing their accounts.
Blocking on a certain number of unknown users is just a futile and has the same problems with blocking legitimate users. It will only slow down the attack not stop it. Slowing it down would be a good start. Kevin Bilbee > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Imail_Forum- > [EMAIL PROTECTED] On Behalf Of John T (Lists) > Sent: Tuesday, August 15, 2006 3:57 PM > To: [email protected] > Subject: RE: [IMail Forum] POP3 Security / DOS Attack > > Trying to defeat such an attack with pure resource power is going to be > a losing battle. There must be a mechanism in place to stop the attack, > not just overcome it. > > Going by your logic, there is no need for denying an IP on incoming > traffic after so many unknown users. > > John T > eServices For You > > "Seek, and ye shall find!" > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:Imail_Forum- > > [EMAIL PROTECTED] On Behalf Of Kevin Bilbee > > Sent: Tuesday, August 15, 2006 3:16 PM > > To: [email protected] > > Subject: RE: [IMail Forum] POP3 Security / DOS Attack > > > > The only way you can stop something like this is to block the IP > address. > If it is > > coming from multiple sources then you need the power to withstand the > attack and > > hope none of your accounts are compromised. That is why it is so > > important > that > > strong passwords are enforced and that IPSwitch should really heed > the > thread last > > month on strong password enforcement. > > > > > > Kevin Bilbee > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:Imail_Forum- > > > [EMAIL PROTECTED] On Behalf Of Archer Koch > > > Sent: Tuesday, August 15, 2006 2:47 PM > > > To: [email protected] > > > Subject: RE: [IMail Forum] POP3 Security / DOS Attack > > > > > > Gentlemen: > > > > > > I do truly appreciate your responses. However, I hope that you > > > aren't missing the bigger picture. Should we all not be feeling > > > immensely vulnerable right now? What happens as this form of > attack > > > gains momentum? > > > Granted, this appears to be an isolated incident at the moment. > But > > > it was a successful DOS attack that will (in all probability) be > repeated. > > > Your Imail server might be next. What will you do? > > > > > > I called Ipswitch, but they didn't seem overly concerned. I > > > submitted a longer excerpt from the log and will sit here holding > my > > > breath. It may very well take a catastrophe to get people riled up > > > enough for this to get some serious attention. I'd much prefer a > > > more proactive approach, however. > > > > > > Archer > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] On Behalf Of Dave > > > Doherty > > > Sent: Tuesday, August 15, 2006 2:04 PM > > > To: [email protected] > > > Subject: Re: [IMail Forum] POP3 Security / DOS Attack > > > > > > It's SBC. They'll probably listen: > > > > > > <snip> > > > > > > ----- Original Message ----- > > > From: "Kevin Bilbee" <[EMAIL PROTECTED]> > > > To: <[email protected]> > > > Sent: Tuesday, August 15, 2006 4:48 PM > > > Subject: RE: [IMail Forum] POP3 Security / DOS Attack > > > > > > > > > Also, if possible, lookup the owner of the IP and report he abuse > to > > > them if > > > > > > they are willing to listen. > > > > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > > List Archive: http://www.mail- > > > archive.com/imail_forum%40list.ipswitch.com/ > > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > > > > > > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > > List Archive: > > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail- > archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
