> I do know that his bottom line was that Black Ice wouldn't do what I
> wanted, but he did try and sell me on the firewall and intrusion
> detection features.

  I have written on this previously. Black Ice does not stop
  dictionary attacks per se. It does test errors returned from Imail
  and if the number exceeds its threshold (maximum errors returned)
  then it will temporarily blacklist the IP address. This is only
  slightly better than nothing at all. Imail apparently reports these
  either after the SMTP session or after some unknown interval or
  event. I've watched one dictionary attack hit more than 4,000 rcpt
  to errors without Black Ice being triggered.

  Just for the record I wrote a program which tailed the log file
  looking for rcpt to errors and would automatically then add the
  offending IP address to the Imail ACL. However, there were many
  problems with this. Just as with Black Ice the error information is
  just not available from Imail rapidly enough, i.e., the log files
  represent history. So I finally stopped it because it was more
  trouble than it was help.

  We also began having "0x00000008 Double Fault" errors which I
  believed had something to do with Black Ice.  I turned it off and
  have never had another error since.

  This should be addressed inside the SMTP dialogue.

  
  Terry Fritts



---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
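
The reply's closing point, that RCPT TO failures should be acted on inside the SMTP dialogue instead of from log history, shown as an added example; this is not code from the post, Imail or Black Ice. The names `RcptGuard` and `replay`, the thresholds, the reply texts and the sample addresses are assumptions made for illustration.

```python
import time

class RcptGuard:
    """Counts rejected RCPT TO commands per client IP while the session is live."""

    def __init__(self, valid_rcpts, max_errors=5, ban_seconds=600, clock=time.monotonic):
        self.valid = {r.lower() for r in valid_rcpts}
        self.max_errors = max_errors      # assumed threshold
        self.ban_seconds = ban_seconds    # assumed temporary ban length
        self.clock = clock                # injectable so the ban expiry can be tested
        self.errors = {}                  # ip -> rejected RCPT count (kept across sessions)
        self.banned = {}                  # ip -> time the ban expires

    def on_connect(self, ip):
        """Reply to a new connection; refuse IPs still under a temporary ban."""
        expiry = self.banned.get(ip)
        if expiry is not None:
            if self.clock() < expiry:
                return "554 connection refused"
            del self.banned[ip]           # ban served: start counting from zero again
            self.errors.pop(ip, None)
        return "220 ready"

    def on_rcpt(self, ip, address):
        """Reply to one RCPT TO. A 421 reply means the server closes the socket now."""
        if address.strip("<>").lower() in self.valid:
            return "250 OK"
        count = self.errors.get(ip, 0) + 1
        self.errors[ip] = count
        if count >= self.max_errors:
            # The decision is made on the command that crosses the threshold,
            # not after the session ends or a log line is written.
            self.banned[ip] = self.clock() + self.ban_seconds
            return "421 too many unknown recipients, closing connection"
        return "550 unknown user"

def replay(guard, ip, rcpts):
    """Feed one session's RCPT TO addresses to the guard; stop when it hangs up."""
    replies = []
    for addr in rcpts:
        reply = guard.on_rcpt(ip, addr)
        replies.append(reply)
        if reply.startswith("421"):
            break
    return replies
```

Because the counter is checked on every RCPT TO, a run of unknown recipients is cut off at the threshold instead of continuing until the log catches up.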
