Re: Security risk of POP3 & IMAP protocols

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




--On 13 February 2009 15:30:46 +0000 Alain Williams <addw@xxxxxxxxxxxx> 
wrote:

> [23~On Fri, Feb 13, 2009 at 03:21:06PM +0000, Ian Eiloart wrote:
>>
>>
>> --On 13 February 2009 14:35:43 +0000 Alain Williams <addw@xxxxxxxxxxxx>
>> wrote:
>>
>> > That got me thinking ....
>> > I rate limit ssh connections to try to prevent dictionary attacks (3
>> > attempts/3 minutes/IP address). If I were to do the same with IMAP
>> > would that cause problems with some clients, ie are there some clients
>> > that to many connect/disconnects ?
>>
>> Yes. Anything that opens a bunch of mailboxes at the same time might be
>> doing way more than that. You should be measuring "failed attempts", not
>> "attempts".
>
> Yes, but I do the rate limiting with iptables (Linux firewall).
> I don't know how to feedback failed attempts to iptables.

Hmm, and for the webmail case, you'd want to do failed attempts per 
username per minute, not per IP address. Or, exempt your webmail server.

Apple Mail is a case in point, it checks for new mail in "your INBOX" or 
"all of your mailboxes" in parallel. I've seen it open dozens of 
connections from a single user, simultaneously.

-- 
Ian Eiloart
IT Services, University of Sussex
x3148
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux