[attack account deleted] > Solution: > > Implement random delay times, logging, and disconnection within the pop3 > daemom > > I am currently adding a random delay of 5-10 seconds after a bad password to > not only slow down, but possibly break the crack mechanism. Along with this > I am adding logging of any attempt that gives a bad password and a > disconnection scheme that will disconnect the process after 3 bad passwords. What's to stop someone opening a new pop3 connection for each guess, thus avoiding the wait factor and/or process detection you've put in the code? popper should use syslog to record the IP address of requests and if you run it with -d produce some nice debug information (depending on the version of popper you have of course). -- ..Blue O "Smoke me a kipper, Skies.. //\/ I'll be back for breakfast." \/\ ..Must ...../ Dash.. Email: rich@corp.netcom.net.uk