From: Thomas E. <Tho...@th...> - 2010-08-31 16:17:18
|
>Suggestion: that we be able to specify the time within which the max number can occur. There is no need to do this. IP -> AUTHFAIL1 -> counter = 1 IP -> AUTHFAIL2 -> counter = 2 IP -> AUTHFAIL3 -> reached max (3) -> counter = 4 now the IP is blocked after 5 minutes counter = 3 ip is blocked after 5 minutes counter = 2 ip is free to send mails (counter goes down to 0 after 2x5 minutes) but if IP -> AUTHFAIL4 -> reached max (3) -> counter = 4 now the IP is blocked after 5 minutes counter = 3 ip is blocked after 5 minutes counter = 2 ip is free to send mails Thomas Von: Trevor Jacques <Trevor@Videlicet.com> An: ASSP development mailing list <ass...@li...> Datum: 31.08.2010 14:39 Betreff: Re: [Assp-test] fixes and changes in 2.0.2_1.2.04 > added: MaxAUTHErrors Yay! I just had a bad one, yesterday. It was a very fast one that caused the server to heave under the load. This is a GREAT addition. Suggestion: that we be able to specify the time within which the max number can occur. This is mainly because the frequency of such attacks (i.e. the time between each name in the dictionary) can vary a lot. Getting some form of stats on this would be nice, too, even if not necessary. It might be useful to know 1) a running overall total number of IPs that try such attacks, 2) average number of complete attacks per IP, and 3) the average time between names tried in any given attack that caused the blocking. These may be too much to include in stats, but, as one who has seen this kind of attack cause serious problems to my server, I'd certainly be interested to know what these guys are doing and how often. Thanks again for this function, even if it remains in its current state. T. ------------------------------------------------------------------------------ This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd _______________________________________________ Assp-test mailing list Ass...@li... https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* |