similar to: [Bug 1049] Variable delay in password logins to fight dictionary attacks

http://bugzilla.mindrot.org/show_bug.cgi?id=1049 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #3 from dtucker at zip.com.au 2006-10-07 11:40 ------- Change all RESOLVED bug to CLOSED with the exception

Hello All, Im using OpenSSH 4.1 with a proprietary pam module. This module does allow or deny access to the accound based on a policy file settings. Now if I deny the access to an account and attempt to connect to the sshd server for that account with valid password, it quickly returns to next prompt. When I try it with invalid password, it took some time to return to next prompt. Im wondering if

https://bugzilla.samba.org/show_bug.cgi?id=1818 Summary: Rsyncd refuses connection if reverse mapping fails Product: rsync Version: 2.5.7 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P3 Component: core AssignedTo: wayned@samba.org ReportedBy: heikki@indexdata.dk

Hi Guys, I was really hoping a couple of years later this would be addressed... I'm running Dovecot 2.2.5 on FreeBSD. Is there anyway to limit the number of auth attempts allowed in a single session? The reason for this is because I have "fail2ban" setup to firewall out any IP addresses that repeatedly auth fails. The issue occurs when the connection is already in an

I keep seeing 'Joe Average compromised computer on broadband' being used to do email dictionary attacks on our systems. Seems I always have several domains going through these. One in particular has been in the 'a-' list for weeks with about 20,000 attempts per day from various systems. Yeah, I do have a system which blocks email from these systems for a period of time after 3

I'm seeing strings of failed POP3 login attempts with obvious bogus usernames coming from different IP addresses. Today's originated from 216.31.146.19 (which resolves to neovisionlabs.com). This looks like a botnet attack. I got a similar probe a couple days ago. Is anyone else seeing these? The attack involves trying about 20 different names, about 3-4 seconds apart. Here's a

Hi, I been using dovecot for awhile and its been solid, however I been having some issues with dictionary attacks. I installed fail2ban and for the most part is working fine. However today I got another spammer relaying through my server. Looking at the logs I see the following dictonary attack from 94.242.206.37 Nov 10 03:04:38 pop dovecot: pop3-login: Disconnected: rip=94.242.206.37,

Does anyone have a script that will notice a Rumplestiltskin type spam attack (where they try every name possible) and drop the sending into a block list? -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and

Is there a way to listen on port 25 for repeated dictionary attacks to harvest email address and blacklist that Ip with shorewall? Thanks, Mike

Hi has someone a script which can filter out dictionary attacks from /var/log/maillog and notify about the source-IPs? i know about fail2ban and so on, but i would like to have a mail with the IP address for two reasons and avoid fail2ban at all because it does not match in the way we maintain firewalls * add the IP to a distributed "iptables-block.sh" and distribute it to any

Hi list If a user connect by Console or OpenSSH and type in the wrong password, I wish to delay the next password prompt. Use case is for example brute force attacks. I played with FAIL_DELAY in login.defs, but without success. cheers Simon -- XMPP: sjolle at swissjabber.org

Hi, I'm trying to get better at things like lapply but it still stumps me. I have a function I've written, tested and debugged using individual calls to the function, ala: ResultList5 = DoAvgCalcs(IndexData, Lookback=5, SampleSize=TestSamples , Iterations=TestIterations ) ResultList8 = DoAvgCalcs(IndexData, Lookback=8, SampleSize=TestSamples , Iterations=TestIterations ) ResultList13

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there any way to disable logging of failures during pam_authenticate? I ask because OpenSSH is currently generating an extra "authentication failure..." message at each login. The problem is that OpenSSH likes to try a blank password attempting any other authentication. This is a shortcut for anonymous SSH servers (e.g. OpenBSD's

Somebody please forward this, if this is not an appropiate place to ask the OpenSSH developers for a new feature. As many of us have seen, any sshd left open on the internet eventually becomes the target of password guessing attacks. I am aware of tools for scanning the security logs, and manipulating iptables to block ongoing attacks, but I am not aware of a way to configure sshd itself to

Hello, include <iostream>#include <string>#include <xapian.h>struct document{ std::string title; std::string content; std::string url;}; void indexData(document d) { try { Xapian::WritableDatabase db("/Users/ramesh/Desktop/xapian", Xapian::DB_CREATE_OR_OPEN); Xapian::TermGenerator indexer; Xapian::Stem

Hello, include <iostream>#include <string>#include <xapian.h>struct document{ std::string title; std::string content; std::string url;}; void indexData(document d) { try { Xapian::WritableDatabase db("/Users/ramesh/Desktop/xapian", Xapian::DB_CREATE_OR_OPEN); Xapian::TermGenerator indexer; Xapian::Stem

Does dovecot have any dictionary attack defenses yet? In the past I have had to implement defense from outside dovecot, but since dovecot is at the front lines and therefore is the first to know I'm hoping by now there is something we can set. For example, a limit on access failures per minut/hour/day or some such. If not why not?

http://bugzilla.mindrot.org/show_bug.cgi?id=1165 Summary: 'groups' command fails on AIX when logged in as root user via SSH. Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: AIX Status: NEW Severity: major Priority: P2 Component: Miscellaneous

Hi, The Solaris password requirements like a. no empty password b. minimum 6 chars etc for a regualr user are not enforced when a password expired user is changing password at the SSH login prompt. The version of openSSH I am using is 3.8.1 and Solaris 8 is where the sshd is running. Is anybody aware of this problem? Is there some configuration option I can use to enforce these password

Hello! My Linux-server is every day attacked with brute-force password cracking attacks. I use openssh-3.9p1 (SuSE Linux 9.2) with standard setup (PAM, LoginGraceTime 2m, MaxAuthTries 6). Unfortunately, I see cracking attempts with very short delays (1 second): Jan 31 00:46:53 XXX sshd[10774]: Invalid user backup from ::ffff:66.98.176.50 Jan 31 00:46:54 XXX sshd[10776]: Invalid user server