----- Original Message -----
From: "Rick Davidson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 21, 2004 11:09
Subject: Re: [IMail Forum] Dictionary Attacks and MX Records

> dunno if this will help but here is a perl script I use to count ip
> addresses in the imail sysXXXX.txt files, it's quick and dirty but will give
> you a list of ip addresses that connected to your server and how many times.
> I run the command line from a bat file for ease of use. The drawback is
> that dictionary attacks are often done with spam zombies which could keep
> you busy greppin for a long time.

I have a script written in VBS which imports the ERR rejections in the logfile to a MySQL table, dividing everything into 288 five-minute segments (for a total of 24 hours). With these hopefully I can start determining the frequency with which something attacks.

As I said, the trick is determining the trigger for a dictionary onslaught, and determining how long an IP address should remain blocked. I certainly do not want a permanent blocked senders list, but I want to cripple IPs that are pushing through dozens of messages a day, and possibly hundreds a week.

The other problem is size. I can envision such a database hitting hundreds of thousands of addresses to even see a significant drop, and now we're probably pushing to the point where IMail's access control system will become a big problem.

--
A. Clausen
[EMAIL PROTECTED]
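
The five-minute bucketing and temporary-block idea discussed in this message, as an added Python example that is not part of the original e-mail or either poster's script. The log line format, the `trigger` and `block_segments` values and all function names are assumptions; the sample lines are constructed and do not reproduce IMail's real sysXXXX.txt layout.

```python
import re
from collections import defaultdict

SEGMENTS_PER_DAY = 288  # 24 hours divided into five-minute segments

# Constructed sample in an assumed, simplified format:
#   "HH:MM:SS <client-ip> ERR <reason>"
SAMPLE_LOG = "\n".join(
    [f"00:0{m}:15 192.0.2.10 ERR unknown user" for m in range(10)]
    + [f"13:0{m}:40 192.0.2.10 ERR unknown user" for m in range(5)]
    + ["03:10:02 198.51.100.7 ERR unknown user",
       "09:45:51 198.51.100.7 ERR unknown user",
       "00:02:00 203.0.113.5 OK delivered"]
)

LINE_RE = re.compile(r"^(\d{2}):(\d{2}):\d{2} (\S+) ERR\b")


def bucket_rejections(log_text):
    """Return {ip: [ERR count per five-minute segment]} for one day's log."""
    counts = defaultdict(lambda: [0] * SEGMENTS_PER_DAY)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a rejection line
        hh, mm = int(m.group(1)), int(m.group(2))
        if hh > 23 or mm > 59:
            continue  # malformed timestamp
        counts[m.group(3)][(hh * 60 + mm) // 5] += 1
    return dict(counts)


def block_windows(counts, trigger=5, block_segments=12):
    """Return {ip: [(start_segment, unblock_segment), ...]}.

    A segment with at least `trigger` rejections opens a temporary block
    lasting `block_segments` segments. A new trigger inside an open window
    extends it, so a sustained run stays blocked while an idle IP ages out.
    An unblock_segment >= 288 means the block carries into the next day.
    """
    result = {}
    for ip, segs in counts.items():
        windows = []
        for i, n in enumerate(segs):
            if n < trigger:
                continue
            if windows and i <= windows[-1][1]:
                windows[-1] = (windows[-1][0], i + block_segments)
            else:
                windows.append((i, i + block_segments))
        if windows:
            result[ip] = windows
    return result
```

Because every window carries an unblock segment, the block list only ever holds currently active sources, which addresses the size concern raised above.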
