Re: Limit Number of POP3 account access attempts

Petr Novotny Mon, 13 Dec 1999 10:02:50 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 13 Dec 99, at 17:40, Boris Atanassov wrote:
>   I browsed through the message archive, but couldn't find solution for
> the following problem : how to limit the number of POP3 unsuccessful
> account access attempts ? I'm running a qmail-mysql linux 2.2.10 system
> which is not behind a firewall so I would like to have something like
> that.

A really cool way to prevent brute-force dictionary attack is to 
invoke "sleep 2s; /bin/checkpasswd" instead of /bin/checkpasswd. 
It's only a little nuisance for the legitimate users, and effectively 
disables brute force. (Of course you need to limit number of running 
connections via tcpserver.)

:-)

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOFU+V1MwP8g7qbw/EQJK7gCeJpWZVXAuNjhJs1l8n2ehXXWQYtcAoNxY
WihqZgwFeTpPk8W95cZEAm0D
=HCNh
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]

Re: Limit Number of POP3 account access attempts

Reply via email to