I would like to write an IPtables ruleset for this. I have already done it with
SSH which works great but I'm unsure of connections for POP3 and IMAP as I
believe users make multiple connections to the server by default??
Is there a maximum for the number of connections a user makes to POP3 or IMAP?
Actually it would be the number of simultaneous *new* connections so that a rule
could be set of no more than perhaps 10 new connections in 10 seconds!?
Dan
Darrell D. Mobley wrote:
> That same thing happened to me. Fortunately, I was nearby and saw it
> come on. I dropped the IP address in iptables and that took care of
> that one, but some more automated feature would be nice because dovecot
> and PAM don't appreciate dictionary attacks.
>
>
>
> *From:* Ken Marcus - Precision Web Hosting, Inc.
> [mailto:kenmarcus (at mark) precisionweb.net]
> *Sent:* Thursday, March 15, 2007 6:08 PM
> *To:* coba-e (at mark) bluequartz.org
> *Subject:* [coba-e:09193] dictionary attack
>
>
>
> Does anyone know of a good script for blocking IPs with too many
> authentication failures?
>
> 6128 attempts from this one IP.
>
>
>
> cat /var/log/maillog | grep 99.72.131.83 -c
> 6128
>
>
>
> Mar 15 14:22:53 blue92 dovecot: pop3-login: Aborted login: user=<bebe>,
> method=PLAIN, rip=199.72.131.83
>
> Mar 15 14:22:53 blue92 dovecot: pop3-login: Aborted login:
> user=<beatrice>, method=PLAIN, rip=199.72.131.83
>
>
>
>
>
> ----
>
> Ken Marcus
>
> Precision Web Hosting, Inc.
>
> http://www.precisionweb.net
>
>
>
>
>
>
>
--
Personal : http://www.dogsbody.org/
Skating : http://www.cskate.co.uk/
Hosting : http://www.dogsbodyhosting.net/
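
Added example, not part of the original messages: a sketch of the kind of script asked for in the thread, which counts dovecot "Aborted login" lines per `rip=` address in a sliding time window and renders an iptables DROP rule for each offender. The threshold, window, year, function names and sample log lines are assumptions made for illustration, and it assumes each log entry sits on a single line.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the dovecot lines quoted in the thread (one log entry per line).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: (?:pop3|imap)-login: "
    r"Aborted login: .*\brip=([0-9.]+)"
)

def offenders(lines, threshold=5, window=timedelta(seconds=60), year=2007):
    """Return IPs with >= threshold aborted logins inside any sliding window."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    flagged = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.IPv4Address(m.group(2)))  # reject malformed rip=
        except ValueError:
            continue
        stamp = " ".join(m.group(1).split())  # syslog pads single-digit days
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged.append(ip)
    return flagged

def drop_rules(ips):
    """Render one iptables DROP rule per offending address (printed, not run)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

def sample_log():
    """Constructed log lines in the format quoted in the thread."""
    fmt = "Mar 15 {t} blue92 dovecot: {svc}-login: Aborted login: user=<{u}>, method=PLAIN, rip={ip}"
    slow = [fmt.format(t=t, svc="imap", u="alice", ip="192.0.2.10") for t in ("09:00:00", "10:00:00")]
    burst = [fmt.format(t=f"14:22:{53 + i:02d}", svc="pop3", u=f"user{i}", ip="199.72.131.83") for i in range(6)]
    bad = [fmt.format(t="14:23:00", svc="pop3", u="x", ip="999.1.1.1")] * 6
    return slow + burst + bad

if __name__ == "__main__":
    for rule in drop_rules(offenders(sample_log())):
        print(rule)
```

Syslog timestamps carry no year, so the `year` argument only exists to make the dates parseable; only the differences between timestamps matter.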