Date:  Thu, 08 May 2008 10:01:37 +0100
From:  Dogsbody <dan (at mark)>
Subject:  [coba-e:12759] Re: [testing] dovecot udpate
To:  coba-e (at mark)
Message-Id:  <4822C171.9080300 (at mark)>
In-Reply-To:  <75b701c8b08b$8a63acf0$6601a8c0@OfficeKen>
References:  <75b701c8b08b$8a63acf0$6601a8c0@OfficeKen>
X-Mail-Count: 12759

>>> I've been playing around with the "login_max_processes_count" option in
>>> dovecot.conf, and while it seems to work great preventing issues when
>>> there is a dictionary-attack against POP3, it obviously had no effect on
>>> a recent FTP dictionary-attack... pwdb still flaked out, and you would
>>> have to login with root (since root is in shadow vs pwdb) to manually
>>> fix or wait for sometime after the attack has stopped (time enough for
>>> db_recover to do its thing).
>> As far as FTP and SSH dictionary attacks, it is easy to prevent them.
>> #1. install the apf firewall
>> #2. install the bfd brute force detection

I'm of the same view that dictionary attacks should not affect any 
system that has a proper firewall.  I just use an iptables recipe that I 
came up with on all my machines and have never had a single problem with 
the issues discussed here!

Why can't we install a proper firewall with BQ?  We already set up 
iptables as a packet counter so it wouldn't be any more work than 
updating a few files... although I guess we would need to build a GUI 
around it.

Just my 0.02 GBP