>Is there any we can stop this ie when an ip address tries to login X number
>of times it gets automatically blocked, or be alerted when it is happening
>so we can block it.
There would have to a NT service running that surfed the imail log
and summed over time for each sender ip how many whatevers occurred
and raised an alert and/or added the ip to Imail's access control
list. I've not seen such a tool here.
btw, I was helping an ISP tune his busy IMGate last Saturday when for
4+ hours IMGate was attacked by dictionary attack. I detected it by
seeing his hourly reject rate jump from 1200 to 2500. We didn't
have any logsurfing running, but we had configured IMGate to reject
"unauthorized SMTP command pipe-lining" which is, because it's so
fast, what these dictionary attackers often use. IMGate took the
attack, rejected all the msgs, and not one msg of the 5000 in the
attack got through to Imail. Imail would have had to perform 5000
user lookups. Yet another advantage of having a separate machine be
a front-end to Internet for Imail.
Len
http://BIND8NT.MEIway.com : ISC BIND 8.2.2 p5 & 8.2.3 T6B for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
