A very usefull feature found elsewhere is to temporarily block an ip address based on exceeding a set number of errors in a given time frame. Dictionary attacks will grab a session and just see how many names it can push until the receiver breaks the connection. Setting a threshold of say 10 errors in 30 minutes, results in dropping the connection and temporary blacklisting that ip address is quite usefull during a Dictionary attack.Thanks,Lyle GieseLCR Computer Services, Inc.
temporary blocking based on number of errors
2 replies to this topic
Posted 20 February 2006 - 10:31 AM
Would this add much more blocking beyond the Rate Control which already exists? Most of these dictionary attacks should already trip your Rate Control after the first 50 messages (by default). Your feature might reduce the number of messages before the blocking starts, but at the expense of adding another check for ALL email.We already block an email if there are 3 or more bad recipients. So they won't be able to flood your Barracuda with bad recipients by the hundreds per email. We also will start to tar-pit their connections if they try to send multiple emails with bad recipients over the same connection. If they start new connections, then they will get caught by the Rate Control.I only see your feature stopping a very small percentage of messages that wouldn't get stopped by the other checks anyway. Or am I missing something here?
Posted 20 February 2006 - 10:48 AM
Ok, am just getting started with the Barracuda and it looks like you are correct in that these other features will cover this quite well.Thanks,Lyle GieseLCR Computer Services, Inc.