Re: [Assp-test] Possible feature requests

2017-07-01 Thread Thomas Eckardt
9.06.2017 22:37 Subject: Re: [Assp-test] Possible feature requests Extending the blocking to the subnet is a great idea. But again, I am *not* suggesting to block the user! I'm saying to increase the hostile response toward *failed* login IPs. Regular users should be unaffected. Danie

Re: [Assp-test] Possible feature requests

2017-06-29 Thread Daniel Miller
Extending the blocking to the subnet is a great idea. But again, I am *not* suggesting to block the user! I'm saying to increase the hostile response toward *failed* login IPs. Regular users should be unaffected. Daniel On June 29, 2017 7:03:52 AM Grayhat wrote: :: On

Re: [Assp-test] Possible feature requests

2017-06-29 Thread Grayhat
:: On Wed, 28 Jun 2017 08:38:34 -0700 :: :: Daniel Miller wrote: > Again, my request is to auto-block *IPs* of *failed* auths. Not lock > the account. Not block valid auths. Regular users would

Re: [Assp-test] Possible feature requests

2017-06-28 Thread Doug Lytle via Assp-test
>>> but I don't know how to implement immediate blocking after multiple >>> different IPs fail. I should elaborate a little. I don't track ASSP logs for failures of any particular email address, I look for any auth failures on a per IP Address basis and ban accordingly Doug

Re: [Assp-test] Possible feature requests

2017-06-28 Thread Doug Lytle via Assp-test
[assp_auth_failure]
# Ignore failures on our local networks
ignoreip = 127.0.0.1 172.21.0.0/16 192.168.0.0/16 10.0.0.0/24
enabled = true
port = smtp,ssmtp
filter = assp_auth_failure
action = iptables-multiport[name=ASSP_AUTH, port="25,587", protocol=tcp]

Re: [Assp-test] Possible feature requests

2017-06-28 Thread Daniel Miller
Although, unless you've got some special rules, this would be difficult to implement with fail2ban. With fail2ban (and I don't play with it much) you could have every failed Auth blocked - but I don't know how to implement immediate blocking after multiple different IPs fail. Daniel On

Re: [Assp-test] Possible feature requests

2017-06-28 Thread Daniel Miller
Exactly. Just opening a discussion on whether such might be beneficial integrated in ASSP. Daniel On June 28, 2017 8:32:52 AM Doug Lytle via Assp-test wrote: My initial reaction to this was "cool idea!", but then I thought about the implications to valid

Re: [Assp-test] Possible feature requests

2017-06-28 Thread Daniel Miller
on so that users didn't enable it blindly. Just my thoughts. Peter -Original Message- From: Daniel Miller [mailto:dmil...@amfes.com] Sent: Tuesday, June 27, 2017 2:10 PM To: ASSP development mailing list <assp-test@lists.sourceforge.net> Subject: Re: [Assp-test] Possible feature requests

Re: [Assp-test] Possible feature requests

2017-06-28 Thread Doug Lytle via Assp-test
>>> My initial reaction to this was "cool idea!", but then I thought about the >>> implications to valid users. I currently do this with Fail2Ban with an expire time. Doug

Re: [Assp-test] Possible feature requests

2017-06-28 Thread Peter Hinman
urceforge.net> Subject: Re: [Assp-test] Possible feature requests My intended function is to specifically block IPs with invalid auths. So users with properly configured clients will never see an issue. Daniel On 6/27/2017 1:07 PM, Robert K Coffman Jr. -Info From Data Corp. wrote:

Re: [Assp-test] Possible feature requests

2017-06-27 Thread Daniel Miller
My intended function is to specifically block IPs with invalid auths. So users with properly configured clients will never see an issue. Daniel On 6/27/2017 1:07 PM, Robert K Coffman Jr. -Info From Data Corp. wrote: A big problem with that is it would cause a DOS for the username if it is

[Assp-test] Possible feature requests

2017-06-27 Thread Daniel Miller
I'm not saying either of these are good ideas - just wondering. Like everybody I see a lot of hack attempts. One possibility I'm considering is when a given local account name is tried - but with wrong passwords - that account is flagged and all further invalid logins are added to a