Oh I forgot to say - set 'autValencePB' high if possible and block early
on extremePB - or
wait for 2.0.2_1.2.05 where the V1 behavior ('DelayIP', 'DelayIPTime')
will be available (with a much faster code), which delays connection
early, based on the current IP-score (PBBlack) for a specific time.
Thomas
Von: Thomas Eckardt <[email protected]>
An: ASSP development mailing list <[email protected]>
Datum: 31.08.2010 18:17
Betreff: Re: [Assp-test] fixes and changes in 2.0.2_1.2.04
>Suggestion: that we be able to specify the time within which the max
number can occur.
There is no need to do this.
IP -> AUTHFAIL1 -> counter = 1
IP -> AUTHFAIL2 -> counter = 2
IP -> AUTHFAIL3 -> reached max (3) -> counter = 4
now the IP is blocked
after 5 minutes counter = 3
ip is blocked
after 5 minutes counter = 2
ip is free to send mails (counter goes down to 0 after 2x5 minutes)
but if
IP -> AUTHFAIL4 -> reached max (3) -> counter = 4
now the IP is blocked
after 5 minutes counter = 3
ip is blocked
after 5 minutes counter = 2
ip is free to send mails
Thomas
Von: Trevor Jacques <[email protected]>
An: ASSP development mailing list <[email protected]>
Datum: 31.08.2010 14:39
Betreff: Re: [Assp-test] fixes and changes in 2.0.2_1.2.04
> added: MaxAUTHErrors
Yay! I just had a bad one, yesterday. It was a very fast one that caused
the server to heave under the load. This is a GREAT addition.
Suggestion: that we be able to specify the time within which the max
number can occur. This is mainly because the frequency of such attacks
(i.e. the time between each name in the dictionary) can vary a lot.
Getting some form of stats on this would be nice, too, even if not
necessary. It might be useful to know 1) a running overall total number of
IPs that try such attacks, 2) average number of complete attacks per IP,
and 3) the average time between names tried in any given attack that
caused the blocking. These may be too much to include in stats, but, as
one who has seen this kind of attack cause serious problems to my server,
I'd certainly be interested to know what these guys are doing and how
often.
Thanks again for this function, even if it remains in its current state.
T.
------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:
Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:
Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
DISCLAIMER:
*******************************************************
This email and any files transmitted with it may be confidential, legally
privileged and protected in law and are intended solely for the use of the
individual to whom it is addressed.
This email was multiple times scanned for viruses. There should be no
known virus in this email!
*******************************************************
------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:
Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
