> Perhaps he did, but "locked out CONNECTIONS from that IP for 10
minutes"
> reads differently to me. If Tom had meant what you said, then I would
> have expected something like "locked out authentication attempts from
> that username/IP pair for 10 minutes."
This idea is great, but doesn't work for me, because all traffic passes
a proxy firewall (including a esmtp daemon) - so the firewall is the one
and only entity which makes a connection to the mailserver...
But for others this might be the best solution...! Thanks for the
information.
about the DoS attack: sure, it's possible to knock somebody out of his
mailbox... but i think this is better than if somebody takes it over...
Personally i feel much better if i know that my mailbox gets locked
before somebody takes my mail away (via pop3).... (my opinion)
if it happens that somebody starts DDoS this way, i can do the
following:
- look at my firewall log
- find out his (or her's ;) ) IP Address
- block the IP(-Pool)
- contact the ISP, if it doesn't stop.
MfG Florian
