Blake Hudson wrote:
>
> These types of threats are becoming more and more common and in reaction
> awareness is increasing and more software seems to be implementing
> mechanisms to cope. I would personally love to see Cyrus implement some
> sort of connection limit or throttling per IP/network/user. The current
> process limits do help ensure that one daemon does not make the machine
> unusable, but does nothing to prevent a DoS attack.
>
> -Blake

I agree with Blake; while I can do it with iptables, it's not a good solution. The first iptables suggestion blocked the offending IP, which is fine, but also requires me to babysit the server. The second suggestion would correctly limit connections, but if I'm reading it right, would lump all connections together, not just connections per originating IP address. The pam suggestion doesn't really free up processes since the connections would still be made, not to mention that I'm not using pam, so that is pretty much out. Fail2ban is interesting (I could whip this up in perl in 10 minutes), but it's kind of a hack.

In the end it would be best to have this be part of Cyrus. That way we can do different things based on number of connections in a time period, number of simultaneous connections, or password failures. Perhaps someone can add it to the wish list; I would write it myself except my C skills are lacking. Perhaps I'll just write some perl hack to scan the logs until there is a better way to do it.

Thanks,
schu

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
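The log-scanning approach schu describes, written out as an added example (not code from this thread or from the Cyrus project): a sliding-window counter over imapd syslog lines that flags a source IP when it exceeds either a total connection count or a bad-login count within a time window. The log lines are constructed here in the style Cyrus imapd uses for `login:` and `badlogin:` entries, and the window and threshold values are assumptions a site would tune; the result is a report, and what to do with the flagged IPs (a firewall rule, an alert) is left to the operator.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in Cyrus imapd syslog style; not real traffic.
# 198.51.100.7 hammers several accounts, 192.0.2.10 and 203.0.113.9 are normal.
SAMPLE_LOG = """\
Mar 10 12:00:01 mail imap[2001]: login: client.example.net [192.0.2.10] alice plaintext User logged in
Mar 10 12:00:02 mail imap[2002]: badlogin: scanner.example.org [198.51.100.7] plaintext bob SASL(-13): authentication failure: checkpass failed
Mar 10 12:00:02 mail imap[2003]: badlogin: scanner.example.org [198.51.100.7] plaintext carol SASL(-13): authentication failure: checkpass failed
Mar 10 12:00:03 mail imap[2004]: badlogin: scanner.example.org [198.51.100.7] plaintext dave SASL(-13): authentication failure: checkpass failed
Mar 10 12:00:04 mail imap[2005]: badlogin: scanner.example.org [198.51.100.7] plaintext erin SASL(-13): authentication failure: checkpass failed
Mar 10 12:00:05 mail imap[2006]: badlogin: scanner.example.org [198.51.100.7] plaintext frank SASL(-13): authentication failure: checkpass failed
Mar 10 12:00:30 mail imap[2007]: login: client.example.net [192.0.2.10] alice plaintext User logged in
Mar 10 12:05:00 mail imap[2008]: badlogin: other.example.com [203.0.113.9] plaintext alice SASL(-13): authentication failure: checkpass failed
Mar 10 12:05:01 mail imap[2009]: login: other.example.com [203.0.113.9] alice plaintext User logged in
"""

# syslog timestamp, host, daemon[pid]:, then "login:" or "badlogin:", the
# client hostname, and the client IP in square brackets.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} {1,2}\d{1,2} \d\d:\d\d:\d\d) \S+ (?:imap|pop3|lmtp)\S*: "
    r"(?P<kind>login|badlogin): \S+ \[(?P<ip>[0-9a-fA-F:.]+)\]"
)


def parse_line(line, year=2000):
    """Return (timestamp, ip, kind) for a login/badlogin line, else None.

    syslog lines carry no year, so one is supplied to build a datetime.
    """
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], m["kind"]


def find_offenders(lines, window_seconds=60, max_total=10, max_failures=3):
    """Sliding-window rate check per source IP.

    Returns {ip: (peak_total_in_window, peak_failures_in_window)} for every IP
    that at some point exceeded max_total events or reached max_failures
    bad logins inside window_seconds. Thresholds here are assumed values.
    """
    recent = defaultdict(deque)  # ip -> deque of (timestamp, kind) in window
    offenders = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unrelated log line (STARTTLS, seen, etc.)
        ts, ip, kind = parsed
        q = recent[ip]
        q.append((ts, kind))
        # Drop events that have aged out of the window for this IP.
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        failures = sum(1 for _, k in q if k == "badlogin")
        if len(q) > max_total or failures >= max_failures:
            prev_total, prev_fail = offenders.get(ip, (0, 0))
            offenders[ip] = (max(prev_total, len(q)), max(prev_fail, failures))
    return offenders


if __name__ == "__main__":
    for ip, (total, fails) in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {total} connections, {fails} bad logins within window")
```

The per-IP deque is what keeps this from "lumping all connections together": each source is judged against its own recent history, and a single failed password from an otherwise normal client (203.0.113.9 above) never reaches the threshold. On the iptables side, the same grouping question is controlled by the connlimit match's `--connlimit-mask` prefix length: the default of 32 counts connections per source host, while a shorter prefix groups a whole network.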