Login attack on cyrus imap
Daniel O'Connor
doconnor at gsoft.com.au
Thu Nov 2 17:33:47 EST 2006
On Friday 03 November 2006 07:53, Jim John wrote:
> Hi all. Our cyrus was hit by a "denial of service"
> type attack. Basically, they kept trying to login as
> different users per second. They didn't crash the
> server, but they did crash our LDAP which is what we
> used for authentication. We would like to know if
> there is a way to prevent these types of attacks? We
> use PLAIN LOGIN and Cyrus SASL for authentication.
My firewall protects against these sort of things - I use PF and it has a
feature where it can add an IP to a table if it attempts to connect more
often than you specify.
I have a script which removes old entries from the table - it is also very
effective at stopping SSH brute force attempts (which is why I added it in
the first place)
--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20061103/a654c2b5/attachment.bin
More information about the Info-cyrus
mailing list