NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

brute force/dictionary attacks


I am running NetBSd 4 with UW ipop3d. Anyway, I am getting more and more brute force attacks with pop. What happens is that after inetd reaches the set limit of connections it stops all pop3 requests, so the pop server is effectively down. I put the IP address in hosts.deny, but inetd still reached its limit and stopped taking requests for pop. I then raised the limit of connections to 999. This created a new issue and although the server continued to answer pop requests its cpu was 0% idle.

Does anyone know if there is a way to hold the connection open with the pop3 client much like is done with smtp (tar pit) or if I could limit the number of SYN packets? I would like to do something to slow them down. Maybe someone has a better suggestion on how to deal with this kind of attack.


Home | Main Index | Thread Index | Old Index