Re: Login attack on cyrus imap

2006-11-08 Thread Uwe Hering
Hi, I did get good results in similar situations using the netfilter match "iplimit", fast solution if you are using ip filtering anyway. Have a look here: http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO.html#toc3.5 Uwe > Take Ben's advice. Use fail2ban, FUT, or

Re: Login attack on cyrus imap

2006-11-03 Thread Chris St. Pierre
Take Ben's advice. Use fail2ban, FUT, or any of the other programs out there that are designed for this. If the attacker is using a single IP address, fail2ban (properly configured) should block them in under a second. There's probably a way to prevent Cyrus from taking too many connections, but

Re: Login attack on cyrus imap

2006-11-02 Thread Jim John
I found out that it was a single IP from the log files. That person (or bot) logs into the POP3 server and tries to authenticate itself. The problem is that it logs in as a different user each time and does a lot of these logins per second, causing LDAP to overload with connections. Is there any way

Re: Login attack on cyrus imap

2006-11-02 Thread Benjamin Donnachie
Jim John wrote: > We would like to know if there is a way to prevent these types of attacks? Take a look at fail2ban [1] Ben [1] http://fail2ban.sourceforge.net/

Re: Login attack on cyrus imap

2006-11-02 Thread Daniel O'Connor
On Friday 03 November 2006 07:53, Jim John wrote: > Hi all. Our cyrus was hit by a "denial of service" > type attack. Basically, they kept trying to login as > different users per second. They didn't crash the > server, but they did crash our LDAP which is what we > used for authentication. We woul

Login attack on cyrus imap

2006-11-02 Thread Jim John
Hi all. Our cyrus was hit by a "denial of service" type attack. Basically, they kept trying to login as different users per second. They didn't crash the server, but they did crash our LDAP which is what we used for authentication. We would like to know if there is a way to prevent these types of a