Re: [Exim] smtp auth and brute force attacks

Author: Dave C.
Date:  
To: Tamas TEVESZ
CC: exim-users
Subject: Re: [Exim] smtp auth and brute force attacks
On Thu, 3 Oct 2002, Tamas TEVESZ wrote:

> On Thu, 3 Oct 2002, Philip Hazel wrote:
>
> > I've noted the problem. Probably putting in some delay AND a total count
>
> but how do you keep a total count ? (i'm referring to exim being
> decentralized and the like). and for what timeframe ?
>
> > is the best approach. Just dropping the connection after AUTH doesn't
> > really help all that much - the bad guy just makes a new connection.
> >
> > Or maybe always return FAIL after 5 tries?
>
> in the same connection only, or all subsequent connections as well ?


Surely on the same connection only. Or perhaps on future connections
from the same IP address, up to a maximum of time m where m is tunable
in the config file.

> first makes no sense imho (because of what you mentioned already), the
> second one is a big `shoot here' sign for dos attacks.
>
> i'd hazard a guess that this issue is best solved outside exim -
> whoever needs such protection, should use some external auth source
> (like pam, sql lookups, ldap lookups or whatever), and this logic
> should be implemented there, always tailored for one's own
> preferences.
>
>
> --
> (void)
>
>
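
The two options discussed in this message (a cap of 5 tries on one connection, and a count kept per client IP address for a tunable time m) can be compared with the following sketch. It is an added example, not code from the thread and not Exim's own; the class, function and parameter names are hypothetical, and m is assumed to be in seconds.

```python
from collections import defaultdict, deque

class AuthFailureTracker:
    """Counts failed AUTH attempts per connection and per client IP (hypothetical helper)."""

    def __init__(self, max_per_conn=5, max_per_ip=5, window_m=600.0):
        self.max_per_conn = max_per_conn  # "FAIL after 5 tries" on one connection
        self.max_per_ip = max_per_ip      # assumed: same cap applied across connections
        self.window_m = window_m          # the tunable time m (assumed unit: seconds)
        self._conn = defaultdict(int)     # connection id -> failures so far
        self._ip = defaultdict(deque)     # client IP -> timestamps of recent failures

    def _recent(self, ip, now):
        # Drop failures older than m, then count what is left.
        q = self._ip[ip]
        while q and now - q[0] >= self.window_m:
            q.popleft()
        return len(q)

    def blocked(self, conn_id, ip, now):
        """True if AUTH should be refused without checking the password."""
        return (self._conn[conn_id] >= self.max_per_conn
                or self._recent(ip, now) >= self.max_per_ip)

    def record_failure(self, conn_id, ip, now):
        self._conn[conn_id] += 1
        self._ip[ip].append(now)

def replay(events, per_ip):
    """Replay (time, conn_id, ip) failed-AUTH events; return how many reach the password check."""
    tracker = AuthFailureTracker(max_per_ip=5 if per_ip else 10**9)
    checked = 0
    for now, conn_id, ip in events:
        if not tracker.blocked(conn_id, ip, now):
            checked += 1
            tracker.record_failure(conn_id, ip, now)
    return checked

# Constructed sample: one client opens 4 connections and sends 6 wrong passwords on each.
EVENTS = [(c * 6 + i, f"conn{c}", "192.0.2.10") for c in range(4) for i in range(6)]

if __name__ == "__main__":
    print("per-connection cap only:", replay(EVENTS, per_ip=False))
    print("with per-IP window m:   ", replay(EVENTS, per_ip=True))
```

The per-IP counter is keyed on the source address, so every client behind that address shares it, which is the trade-off the quoted reply raises.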