similar to: [Bug 1049] Variable delay in password logins to fight dictionary attacks

http://bugzilla.mindrot.org/show_bug.cgi?id=1049 Summary: Variable delay in password logins to fight dictionary attacks Product: Portable OpenSSH Version: 3.8.1p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo:

I'm seeing strings of failed POP3 login attempts with obvious bogus usernames coming from different IP addresses. Today's originated from 216.31.146.19 (which resolves to neovisionlabs.com). This looks like a botnet attack. I got a similar probe a couple days ago. Is anyone else seeing these? The attack involves trying about 20 different names, about 3-4 seconds apart. Here's a

http://bugzilla.mindrot.org/show_bug.cgi?id=982 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #4 from dtucker at zip.com.au 2006-10-07 11:38 ------- Change all RESOLVED bug to CLOSED with the exception

http://bugzilla.mindrot.org/show_bug.cgi?id=1065 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #16 from dtucker at zip.com.au 2006-10-07 11:41 ------- Change all RESOLVED bug to CLOSED with the exception

Hi Guys, I was really hoping a couple of years later this would be addressed... I'm running Dovecot 2.2.5 on FreeBSD. Is there anyway to limit the number of auth attempts allowed in a single session? The reason for this is because I have "fail2ban" setup to firewall out any IP addresses that repeatedly auth fails. The issue occurs when the connection is already in an

I keep seeing 'Joe Average compromised computer on broadband' being used to do email dictionary attacks on our systems. Seems I always have several domains going through these. One in particular has been in the 'a-' list for weeks with about 20,000 attempts per day from various systems. Yeah, I do have a system which blocks email from these systems for a period of time after 3

Hi has someone a script which can filter out dictionary attacks from /var/log/maillog and notify about the source-IPs? i know about fail2ban and so on, but i would like to have a mail with the IP address for two reasons and avoid fail2ban at all because it does not match in the way we maintain firewalls * add the IP to a distributed "iptables-block.sh" and distribute it to any

https://bugzilla.mindrot.org/show_bug.cgi?id=1884 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |dtucker at zip.com.au Resolution|---

Hi, I been using dovecot for awhile and its been solid, however I been having some issues with dictionary attacks. I installed fail2ban and for the most part is working fine. However today I got another spammer relaying through my server. Looking at the logs I see the following dictonary attack from 94.242.206.37 Nov 10 03:04:38 pop dovecot: pop3-login: Disconnected: rip=94.242.206.37,

Does anyone have a script that will notice a Rumplestiltskin type spam attack (where they try every name possible) and drop the sending into a block list? -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and

http://bugzilla.mindrot.org/show_bug.cgi?id=927 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #5 from dtucker at zip.com.au 2006-10-07 11:37 ------- Change all RESOLVED bug to CLOSED with the exception

Is there a way to listen on port 25 for repeated dictionary attacks to harvest email address and blacklist that Ip with shorewall? Thanks, Mike

http://bugzilla.mindrot.org/show_bug.cgi?id=701 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Additional Comments From dtucker at zip.com.au 2005-03-10 09:07 ------- With the release of OpenSSH 4.0, these bugs

http://bugzilla.mindrot.org/show_bug.cgi?id=732 ------- Additional Comments From dtucker at zip.com.au 2003-12-22 21:40 ------- Which PAM modules do you have in your sshd PAM stack? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1207 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|unsuccessful_login_count |sshd does not clear |gets incremented by scp |unsuccessful login count on |

http://bugzilla.mindrot.org/show_bug.cgi?id=210 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #5 from dtucker at zip.com.au 2006-09-28 19:25 ------- With the release of 4.4, we believe that this bug is

http://bugzilla.mindrot.org/show_bug.cgi?id=482 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #14 from dtucker at zip.com.au 2006-09-28 19:25 ------- With the release of 4.4, we believe that this bug is

http://bugzilla.mindrot.org/show_bug.cgi?id=1102 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #15 from dtucker at zip.com.au 2006-09-28 19:25 ------- With the release of 4.4, we believe that this bug is

http://bugzilla.mindrot.org/show_bug.cgi?id=1103 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #3 from dtucker at zip.com.au 2006-09-28 19:25 ------- With the release of 4.4, we believe that this bug is

http://bugzilla.mindrot.org/show_bug.cgi?id=1157 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #25 from dtucker at zip.com.au 2006-09-28 19:25 ------- With the release of 4.4, we believe that this bug is