On Friday 03 November 2006 07:53, Jim John wrote: > Hi all. Our cyrus was hit by a "denial of service" > type attack. Basically, they kept trying to login as > different users per second. They didn't crash the > server, but they did crash our LDAP which is what we > used for authentication. We would like to know if > there is a way to prevent these types of attacks? We > use PLAIN LOGIN and Cyrus SASL for authentication. My firewall protects against these sort of things - I use PF and it has a feature where it can add an IP to a table if it attempts to connect more often than you specify. I have a script which removes old entries from the table - it is also very effective at stopping SSH brute force attempts (which is why I added it in the first place) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
Attachment:
pgp5LiQM38SeN.pgp
Description: PGP signature
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
