Re: Recommendations on intrusion prevention/detection?

2020-04-22 Thread Plutocrat
On 22/04/2020 20.29, Johannes Rohr wrote: > Is there a reasonable way of detecting and preventing logins from unusual IP ranges? Or are there other strategies you would recommend? I'd generally set up a short ban on logins originally, and then a second, longer ban for 'repeat offenders'. You ba

Re: Recommendations on intrusion prevention/detection?

2020-04-22 Thread Remo Mattei
I have PFSense too and it rocks! > On Apr 22, 2020, at 14:52, byal...@yahoo.com.br wrote: > Usually I use pfsense as main firewall with snort blocking all kinds of scans and others. > Fail2ban triggering after 3 unsuccessful tries and for last iptables if Linux or ipfw if FreeBSD

Re: Recommendations on intrusion prevention/detection?

2020-04-22 Thread byalefp
Iptables or ipfw: you always can create tables / chains and feed those with desirable IPs to ban. Something like fail2ban does. Make a big list, remove one or other IP. On my setup, I got all IPs from all services and concatenate them for a local ban as fallback... (From Apache logs, from email log

Re: Recommendations on intrusion prevention/detection?

2020-04-22 Thread Michael Peddemors
On 2020-04-22 2:52 p.m., byal...@yahoo.com.br wrote: Usually I use pfsense as main firewall with snort blocking all kinds of scans and others. Fail2ban triggering after 3 unsuccessful tries and for last iptables if Linux or ipfw if FreeBSD. Keep pfsense synced with intrusion lists is a must h

Re: Recommendations on intrusion prevention/detection?

2020-04-22 Thread byalefp
Usually I use pfsense as main firewall with snort blocking all kinds of scans and others. Fail2ban triggering after 3 unsuccessful tries and for last iptables if Linux or ipfw if FreeBSD. Keep pfsense synced with intrusion lists is a must have. And for last, bans are not temporary on my setup, are fore

Re: Recommendations on intrusion prevention/detection?

2020-04-22 Thread Joseph Tam
On Wed, 22 Apr 2020, Johannes Rohr wrote: It is a pity that the IMAP protocol does not support 2 factor authentication, which seems to stop 90% of intrusion attempts in their tracks. You could use VPN, which can enforce 2FA. You can hack 2FA into IMAP or any protocol where you can control the

Re: Recommendations on intrusion prevention/detection?

2020-04-22 Thread Benny Pedersen
On 2020-04-22 18:58, Aki Tuomi wrote: You mean https://github.com/PowerDNS/weakforced ? Yes, need an in-detail wiki on how to make that run with dovecot; I will make a gentoo ebuild if needed to get that out of powerdns, hope to see it in dovecot contrib so I can add it to gentoo portage maintainer

Re: Recommendations on intrusion prevention/detection?

2020-04-22 Thread Aki Tuomi
On 22/04/2020 19:56 Benny Pedersen <m...@junc.eu> wrote: On 2020-04-22 18:45, Sami Ketola wrote: Actually by far the biggest source of stolen credentials is viruses/trojans harvesting

Re: Recommendations on intrusion prevention/detection?

2020-04-22 Thread Benny Pedersen
On 2020-04-22 18:45, Sami Ketola wrote: Actually by far the biggest source of stolen credentials is viruses/trojans harvesting them. I tried to blacklist all IPs that got password errors, but that ends in big shorewall blrules, so I turned it over to just adding a whitelist into blrules where ips is k

Re: Recommendations on intrusion prevention/detection?

2020-04-22 Thread Sami Ketola
> On 22. Apr 2020, at 19.14, Michael Peddemors wrote: > The three most common attack vectors (and attack volumes have never been higher) are: > * Sniffed unencrypted credentials (assume every home wifi router and CPE equipment are compromised ;) > * Re-used passwords where data is exp

Re: Recommendations on intrusion prevention/detection?

2020-04-22 Thread Michael Peddemors
On 2020-04-22 5:29 a.m., Johannes Rohr wrote: Dear all, what are the key strategies for intrusion prevention and detection with dovecot, apart from installing fail2ban? It is a pity that the IMAP protocol does not support 2 factor authentication, which seems to stop 90% of intrusion attempts in

Re: Recommendations on intrusion prevention/detection?

2020-04-22 Thread lists
Don't use webmail, and while I'm sure Morocco is a fine country, I don't need email access from there. This is why I now run my own email. Original Message: From: johan...@rohr.org Sent: April 22, 2020 5:30 AM To: dovecot@dovecot.org Subject: Recommendations on intru

Re: Recommendations on intrusion prevention/detection?

2020-04-22 Thread Aki Tuomi
> On 22/04/2020 15:29 Johannes Rohr wrote: > Dear all, what are the key strategies for intrusion prevention and detection with dovecot, apart from installing fail2ban? > It is a pity that the IMAP protocol does not support 2 factor authentication, which seems to stop 90% of intru

Recommendations on intrusion prevention/detection?

2020-04-22 Thread Johannes Rohr
Dear all, what are the key strategies for intrusion prevention and detection with dovecot, apart from installing fail2ban? It is a pity that the IMAP protocol does not support 2 factor authentication, which seems to stop 90% of intrusion attempts in their tracks. Without it, if someone has obtaine