Re: [Exim] smtp auth and brute force attacks

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Suresh Ramasubramanian
CC: exim-users
Subject: Re: [Exim] smtp auth and brute force attacks
On Thu, 3 Oct 2002, Suresh Ramasubramanian wrote:

> On Thursday, October 03, 2002 7:16 PM,
> Ulrich Laupert <u.laupert@???> wrote:
>
> > What I mean is, when someone is trying to authenticate herself
> > (tested with auth plain), on providing a wrong login/password
> > pair, all what happens is that exim replys with a "535
> > Incorrect authentication data". It neither sleeps for t seconds
>
> "too many smtp errors" will pop up, happen this goes on for long enough.


No, there isn't that. There is only "too many unrecognized commands".

I've noted the problem. Probably putting in some delay AND a total count
is the best approach. Just dropping the connection after AUTH doesn't
really help all that much - the bad guy just makes a new connection.

Or maybe always return FAIL after 5 tries?

--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.