Security risk of POP3 & IMAP protocols
Ian Eiloart
iane at sussex.ac.uk
Fri Feb 13 10:21:06 EST 2009
--On 13 February 2009 14:35:43 +0000 Alain Williams <addw at phcomp.co.uk>
wrote:
> That got me thinking ....
> I rate limit ssh connections to try to prevent dictionary attacks (3
> attempts/3 minutes/IP address). If I were to do the same with IMAP would
> that cause problems with some clients, ie are there some clients that to
> many connect/disconnects ?
Yes. Anything that opens a bunch of mailboxes at the same time might be
doing way more than that. You should be measuring "failed attempts", not
"attempts".
--
Ian Eiloart
IT Services, University of Sussex
x3148
More information about the Info-cyrus
mailing list