Sorry, thought you were saying there were three choices in the configuration
settings...

At the risk of being a broken record, this still doesn't protect from what
I've seen to be the most common type of dictionary attack...one in which
each attempt comes from a different IP.  In fact, I haven't seen them coming
from a single IP since well over a year ago....when we added a 250 ms delay
between recipients in the SMTP advanced settings.  That slows down the
attack enough that it effectively tarpits the attacker.

Darin.


----- Original Message ----- 
From: "Ted Galerneau" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 23, 2004 5:15 PM
Subject: RE: [IMail Forum] Dictionary attacks and TCP Probes?


Thanks Darin, but the deal is that Cycle Rider posted how to make this
automatically ban them for one day. I need to know how to auto select that
"One Hour" :) <grinning back> I think that should be enough to make us not
worthwhile and too much trouble to do dictionary attacks on. However I am
learning to not underestimate the amount of effort spammers will go through
to do what they do!

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Darin Cox
Sent: Tuesday, November 23, 2004 12:56 PM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] Dictionary attacks and TCP Probes?

Hmmm...looks to me like setting it to one hour would mean selecting the "One
Hour" choice...<grin>

Darin.


----- Original Message ----- 
From: "Ted Galerneau" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 23, 2004 3:18 PM
Subject: RE: [IMail Forum] Dictionary attacks and TCP Probes?


Thanks Len, I did bump it up to 5 after our client called as hopefully a
temp fix. However I still am not sure how to make it block for one hour
rather than 24 hours. There are only 3 choices, One Hour, One Day, and
Forever.

I don't think there is any way to purge the BlackIce ban list without writing
some scripts to do it. I don't see anything within the program that will do
anything of that nature. While BlackIce is a pretty awesome program, there
are some limitations.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Len Conrad
Sent: Tuesday, November 23, 2004 12:02 PM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] Dictionary attacks and TCP Probes?


>This has worked out pretty awesome until we had a client making a legitimate
>mistake where he did a reply to an email where someone had put a name rather
>than an email address. After trying 3 times in rapid succession he was
>blocked for 24 hours.

3 is too low, double or triple it

the algorithm should be fast attacking, checking every 15 minutes or so,
not every 4 or 24 hours.

>My question would be what to tweak in order to change the 24 hours to only
>one hour?

1 hour is long enough.

If they come back (or persist while blocked), you block (refresh) for
another hour.

For purging the list of inactive entries (to keep the list small), no
activity for x hours, then remove from blocking.

Len


_____________________________________________________________________
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
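
Added example, not part of the original thread and not IMail or BlackICE code: a Python sketch of the per-IP ban list Len describes (threshold, one-hour block refreshed on persistence, purge of idle entries), run over constructed events that also show the case Darin raises, where each attempt comes from a different IP. The threshold of 6, the 15-minute counting window, the 4-hour purge interval and all names are assumptions.

```python
# Added example: per-IP ban list for rejected SMTP recipients (all names hypothetical).
WINDOW = 15 * 60         # count failures over 15 minutes (assumed window)
THRESHOLD = 6            # "3 is too low, double or triple it" (6 assumed)
BAN_SECONDS = 60 * 60    # block for one hour
PURGE_AFTER = 4 * 3600   # "no activity for x hours" (x = 4 assumed)


class BanList:
    def __init__(self):
        self.failures = {}      # ip -> timestamps of recent unknown-recipient rejects
        self.banned_until = {}  # ip -> time the block expires
        self.last_seen = {}     # ip -> time of the most recent failure

    def is_banned(self, ip, now):
        return self.banned_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Record one rejected recipient; return True if ip is blocked afterwards."""
        self.last_seen[ip] = now
        if self.is_banned(ip, now):
            # Persisting while blocked refreshes the block for another hour.
            self.banned_until[ip] = now + BAN_SECONDS
            return True
        recent = [t for t in self.failures.get(ip, []) if now - t < WINDOW]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= THRESHOLD:
            self.banned_until[ip] = now + BAN_SECONDS
            self.failures[ip] = []
            return True
        return False

    def purge(self, now):
        """Drop entries that are unblocked and idle for PURGE_AFTER seconds."""
        stale = [ip for ip, seen in self.last_seen.items()
                 if now - seen >= PURGE_AFTER and not self.is_banned(ip, now)]
        for ip in stale:
            for table in (self.failures, self.banned_until, self.last_seen):
                table.pop(ip, None)
        return sorted(stale)


def simulate():
    """Constructed events (documentation IP ranges), times in seconds."""
    bans = BanList()
    client = [bans.record_failure("192.0.2.10", t) for t in (0, 5, 10)]
    single = [bans.record_failure("198.51.100.7", t) for t in range(20, 26)]
    spread = [bans.record_failure(f"203.0.113.{i}", 30 + i) for i in range(1, 51)]
    return bans, client, single, spread
```

In `simulate()` the client's three mistakes stay under the threshold, the single-IP run is blocked on its sixth failure, and the 50 attempts from 50 different addresses never trip a per-IP counter.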


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Reply via email to