Hi Archer-
The type of attack you have is, in my experience at least, unusual in that
it was not distributed and so is easy to block. In reality, every device
that requires a password - server or otherwise - is ultimately vulnerable to
a well-organized distributed password dictionary DOS attack. In such a case,
your problem goes away when the attacker says it goes away. The only current
answer is more bandwidth and more hardware, but it is a losing battle if the
attacker has 100,000 zombies, each spewing dozens of random passwords per
second at your server.
It is possible to build a POP server that graylists on the first failed
password for, say, a few minutes. That would be sufficient to slow down an
attack significantly. But to my knowledge nobody is doing that on a POP
server.
-d
----- Original Message -----
From: "Archer Koch" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, August 15, 2006 5:47 PM
Subject: RE: [IMail Forum] POP3 Security / DOS Attack
Gentlemen:
I do truly appreciate your responses. However, I hope that you aren't
missing the bigger picture. Should we all not be feeling immensely
vulnerable right now? What happens as this form of attack gains momentum?
Granted, this appears to be an isolated incident at the moment. But it
was
a successful DOS attack that will (in all probability) be repeated. Your
Imail server might be next. What will you do?
I called Ipswitch, but they didn't seem overly concerned. I submitted a
longer excerpt from the log and will sit here holding my breath. It may
very well take a catastrophe to get people riled up enough for this to get
some serious attention. I'd much prefer a more proactive approach,
however.
Archer
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Tuesday, August 15, 2006 2:04 PM
To: [email protected]
Subject: Re: [IMail Forum] POP3 Security / DOS Attack
It's SBC. They'll probably listen:
<snip>
----- Original Message -----
From: "Kevin Bilbee" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, August 15, 2006 4:48 PM
Subject: RE: [IMail Forum] POP3 Security / DOS Attack
Also, if possible, lookup the owner of the IP and report he abuse to them
if
they are willing to listen.
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
