[tpop3d-discuss] Hackers using tpop3d to brute passwords
Nate
nm_list at visp.net
Mon, 18 Dec 2006 09:55:06 -0800
A new issue has arisen with our use of tpop3d. Bear in mind this is
not a bug report but rather an annoyance that I'm hoping someone has
solved, and if not, perhaps as a community we can come up with a
useful solution.

I earlier reported that my tpop3d blows up for no apparent reason at
times. It happened a couple of times this weekend as well, and it turned
out, with thorough analysis of the logs, that it is someone trying to
brute force passwords. They just keep trying and trying with different
usernames and passwords until they break one.

I'm not currently seeing any existing support to prevent this. I've
seen in other applications settings or internals which, once an IP has
had 3 simultaneous failures, block it for 5 minutes. Other
variations exist, but all in an attempt to make brute forcing not worth
it for the hacker.

Any patches out there for tpop3d to accomplish this? Any other
thoughts? I have an idea to just write a log watcher to watch for
failures and, upon a certain rule set, apply iptables filters to block
them; however, I think this could be much better handled within tpop3d.

Thanks,
- Nate
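
The log-watcher idea from the message above, sketched as an added example (not part of the original post and not tpop3d code): it counts authentication failures per source IP and plans a 5-minute iptables block after 3 failures. The log line shape, the 60-second counting window and the function names are assumptions made for this example; adapt the regex to the lines your tpop3d build actually writes.

```python
import re
from collections import defaultdict, deque

# ASSUMED line shape "<epoch> tpop3d[pid]: auth failed for <user> from <ip>";
# this is constructed for the example, not tpop3d's real syslog format.
FAIL_RE = re.compile(
    r"^(\d+) tpop3d\[\d+\]: auth failed for \S+ from (\d{1,3}(?:\.\d{1,3}){3})$")
MAX_FAILURES = 3     # threshold mentioned in the post
WINDOW = 60          # seconds over which failures are counted (assumption)
BLOCK_SECONDS = 300  # "blocks it for 5 minutes"

def plan_blocks(lines):
    """Return (time, action, ip) events for a sequence of log lines."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    blocked_until = {}            # ip -> time the block expires
    events = []
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m:
            continue              # ignore anything that is not a failure line
        ts, ip = int(m.group(1)), m.group(2)
        # Expire old blocks; a live watcher would also do this on a timer.
        for b_ip, until in list(blocked_until.items()):
            if until <= ts:
                events.append((until, "unblock", b_ip))
                del blocked_until[b_ip]
        if ip in blocked_until:
            continue              # already dropped at the firewall
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - WINDOW:
            q.popleft()           # forget failures outside the window
        if len(q) >= MAX_FAILURES:
            blocked_until[ip] = ts + BLOCK_SECONDS
            events.append((ts, "block", ip))
            q.clear()
    return events

def iptables_cmd(action, ip):
    """argv for inserting or deleting a DROP rule on the POP3 port (110)."""
    flag = "-I" if action == "block" else "-D"
    return ["iptables", flag, "INPUT", "-s", ip,
            "-p", "tcp", "--dport", "110", "-j", "DROP"]

SAMPLE = """\
1000 tpop3d[411]: auth failed for alice from 203.0.113.9
1002 tpop3d[411]: auth failed for bob from 203.0.113.9
1003 tpop3d[412]: auth failed for carol from 198.51.100.7
1005 tpop3d[411]: auth failed for dave from 203.0.113.9
1006 tpop3d[411]: auth failed for erin from 203.0.113.9
1400 tpop3d[413]: auth failed for carol from 198.51.100.7
""".splitlines()  # constructed sample lines using documentation IP ranges
```

Counting per source IP rather than per username matters here because the failures described come with different usernames each time. The function only plans the rules; pass each result of `iptables_cmd` to `subprocess.run` as root to apply them.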