9.06.2017 22:37
Subject: Re: [Assp-test] Possible feature requests
Extending the blocking to the subnet is a great idea. But again, I am *not*
suggesting to block the user! I'm saying to increase the hostile response
toward *failed* login IPs.
Regular users should be unaffected.
Daniel
On June 29, 2017 7:03:52 AM Grayhat wrote:
:: On Wed, 28 Jun 2017 08:38:34 -0700
Daniel Miller wrote:
> Again, my request is to auto-block *IPs* of *failed* auths. Not lock
> the account. Not block valid auths. Regular users would
>>> but I don't know how to implement immediate blocking after multiple
>>> different IPs fail.
I should elaborate a little.
I don't track ASSP logs for failures of any particular email address; I look
for any auth failures on a per-IP-address basis and ban accordingly.
Doug
[assp_auth_failure]
# Ignore failures on our local networks
ignoreip = 127.0.0.1 172.21.0.0/16 192.168.0.0/16 10.0.0.0/24
enabled = true
port = smtp,ssmtp
filter = assp_auth_failure
action = iptables-multiport[name=ASSP_AUTH, port="25,587", protocol=tcp]
Although, unless you've got some special rules, this would be difficult to
implement with fail2ban.
With fail2ban (and I don't play with it much) you could have every failed
Auth blocked - but I don't know how to implement immediate blocking after
multiple different IPs fail.
Daniel
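An added example, not part of the thread and not ASSP or fail2ban code: a sketch of the idea under discussion, where repeated failed logins flag an account and any further failed auth for it is banned by IP at once, while valid auths and the account itself stay untouched. The thresholds, the names AuthGuard, handle and replay, and the sample events are assumptions; the ignored networks mirror the ignoreip line above.

```python
import ipaddress
from collections import defaultdict

# Assumed thresholds (not from the thread).
FLAG_AFTER = 3       # failed auths, from any IPs, before an account is flagged
FLAG_WINDOW = 3600   # seconds a failure keeps counting toward the flag
BAN_TIME = 86400     # seconds a banned IP stays blocked
IGNORE = [ipaddress.ip_network(n) for n in
          ("127.0.0.1/32", "172.21.0.0/16", "192.168.0.0/16", "10.0.0.0/24")]


class AuthGuard:
    def __init__(self):
        self.failures = defaultdict(list)  # account -> timestamps of recent failures
        self.banned = {}                   # ip -> time the ban expires

    def handle(self, ts, ip, account, ok):
        """Return 'reject', 'accept', 'fail' or 'ban' for one auth attempt."""
        if self.banned.get(ip, 0) > ts:
            return "reject"                # the IP is blocked; the account is not
        if ok:
            return "accept"                # valid auths pass even on a flagged account
        recent = [t for t in self.failures[account] if ts - t < FLAG_WINDOW]
        flagged = len(recent) >= FLAG_AFTER
        self.failures[account] = recent + [ts]
        local = any(ipaddress.ip_address(ip) in net for net in IGNORE)
        if flagged and not local:
            self.banned[ip] = ts + BAN_TIME  # one failure from a new IP is enough
            return "ban"
        return "fail"


# Constructed events: (seconds, client IP, account, auth succeeded)
EVENTS = [
    (0,  "203.0.113.5",  "alice", False),
    (10, "198.51.100.7", "alice", False),
    (20, "192.0.2.9",    "alice", False),   # third failure: account is now flagged
    (30, "203.0.113.77", "alice", False),   # new IP, first failure: banned at once
    (40, "192.168.1.20", "alice", True),    # real user logs in normally
    (50, "203.0.113.77", "alice", True),    # banned IP is refused regardless
    (60, "192.168.1.20", "alice", False),   # local network typo: never banned
]


def replay(events):
    guard = AuthGuard()
    return [guard.handle(*e) for e in events], guard


if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay(EVENTS)[0]):
        print(event, "->", verdict)
```

A flagged account still exposes a remote user who mistypes a password to an immediate ban of their own IP, which is the side effect raised elsewhere in this thread.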
Exactly. Just opening a discussion on whether such might be beneficial
integrated in ASSP.
Daniel
On June 28, 2017 8:32:52 AM Doug Lytle via Assp-test
wrote:
My initial reaction to this was "cool idea!", but then I thought about the
implications to valid
on so that users didn't enable it blindly.
Just my thoughts.
Peter
-Original Message-
From: Daniel Miller [mailto:dmil...@amfes.com]
Sent: Tuesday, June 27, 2017 2:10 PM
To: ASSP development mailing list <assp-test@lists.sourceforge.net>
Subject: Re: [Assp-test] Possible feature requests
>>> My initial reaction to this was "cool idea!", but then I thought about the
>>> implications to valid users.
I currently do this with Fail2Ban with an expire time.
Doug
Subject: Re: [Assp-test] Possible feature requests
My intended function is to specifically block IPs with invalid auths.
So users with properly configured clients will never see an issue.
Daniel
On 6/27/2017 1:07 PM, Robert K Coffman Jr. -Info From Data Corp. wrote:
A big problem with that is it would cause a DOS for the username if it
is
I'm not saying either of these are good ideas - just wondering.
Like everybody I see a lot of hack attempts. One possibility I'm
considering is when a given local account name is tried - but with wrong
passwords - that account is flagged and all further invalid logins are
added to a