Josip Almasi wrote:
Usually a few seconds' timeout is just fine protection against brute-force attacks. It may not be as good against dictionary attacks, but it's up to the admin to disallow weak passwords.
So IMHO the auth handler should just sleep a bit after an unsuccessful auth.
This is similar to another technique called Tarpitting [1]. This inserts a small (but increasing) delay after each RCPT TO command. Another technique is called Teergrubing [2], where you deliberately try to keep a spambot on the line for as long as possible, on the theory that while you keep it hanging around its spam-sending capacity is severely curtailed.

Then again, that's why the attacker does not wait for the response; he just opens another socket and tries again :) And that's where the iptables trick kicks in ;)

Ah! I see... that's clever! I see now why you would get so many re-connections.

Regards,
David Legg

[1] http://www.palomine.net/qmail/tarpit.html
[2] http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html
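The two defences discussed in this exchange, a sleep or escalating delay after a failed authentication and a per-source limit on new connections, can be compared side by side without a network by simulating them in virtual time. The following is an added example written for this page; it is not code from the thread or from any project mentioned in it. It assumes that the "iptables trick" is a per-source new-connection limit with the semantics of the `recent` match (`--seconds` / `--hitcount`), and the source address, delays, rates and thresholds are constructed for the demonstration.

```python
# Added example (not from the thread): escalating per-source delay (tarpit)
# vs. per-source connection-rate limit, simulated in virtual time (ms).
# ASSUMPTION: the "iptables trick" is modelled as a sliding-window limit on
# new connections per source, like `-m recent --seconds N --hitcount M`.
from collections import defaultdict, deque

ATTACKER = "203.0.113.7"  # constructed sample source address (documentation range)


class Tarpit:
    """Delay the reply to each failed authentication, doubling per failure
    from base_ms up to cap_ms; the counter resets on a successful login."""

    def __init__(self, base_ms=1000, cap_ms=16000):
        self.base_ms = base_ms
        self.cap_ms = cap_ms
        self.failures = defaultdict(int)

    def delay_ms(self, src):
        return min(self.base_ms * 2 ** self.failures[src], self.cap_ms)

    def record_failure(self, src):
        self.failures[src] += 1

    def record_success(self, src):
        self.failures[src] = 0


class ConnRateLimit:
    """Allow at most `hitcount` new connections per source within any
    sliding window of `window_ms` milliseconds; later ones are dropped."""

    def __init__(self, window_ms, hitcount):
        self.window_ms = window_ms
        self.hitcount = hitcount
        self.hits = defaultdict(deque)

    def allow(self, src, now_ms):
        window = self.hits[src]
        # forget connection timestamps that have aged out of the window
        while window and window[0] <= now_ms - self.window_ms:
            window.popleft()
        if len(window) >= self.hitcount:
            return False
        window.append(now_ms)
        return True


def attempts_serial(tarpit, horizon_ms):
    """Attacker on one socket who waits for each failed reply before trying
    again. Returns the number of guesses completed within the horizon."""
    t = 0
    n = 0
    while True:
        d = tarpit.delay_ms(ATTACKER)
        if t + d > horizon_ms:
            return n
        t += d
        n += 1
        tarpit.record_failure(ATTACKER)


def attempts_parallel(limiter, horizon_ms, interval_ms):
    """Attacker who never waits: opens a fresh socket every interval_ms and
    sends one guess on each. A server-side sleep does not slow this client;
    only the connection-level limit does. Returns (accepted, dropped)."""
    accepted = dropped = 0
    for t in range(0, horizon_ms, interval_ms):
        if limiter is None or limiter.allow(ATTACKER, t):
            accepted += 1
        else:
            dropped += 1
    return accepted, dropped


if __name__ == "__main__":
    minute = 60_000
    print("serial attacker vs tarpit, guesses/min:",
          attempts_serial(Tarpit(), minute))
    print("reconnecting attacker, sleep only (accepted, dropped):",
          attempts_parallel(None, minute, interval_ms=10))
    print("reconnecting attacker, 5 new conns/min/source:",
          attempts_parallel(ConnRateLimit(minute, 5), minute, interval_ms=10))
```

With these constructed numbers the escalating delay holds a client that waits for its replies to six guesses a minute, while a client that opens a new socket every 10 ms lands 6000 guesses a minute against the sleep alone and five against the per-source connection limit. The same limit also throttles legitimate users who share the attacker's address (a NAT or proxy), so the window and hit count need to be chosen with that in mind.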
