>From: mark@qualcomm.com (Mark Erikson) >Subject: Re: Not so much a bug as a warning of new brute force attack > (fwd) >Cc: "Brett L. Hawn" <blh@nol.net> >Content-Type: text/plain; charset="us-ascii" >Content-Length: 2744 > > > Version 2.2 has some features you might find interesting. > > 1) it blocks access to UIDs less than 11 by default. > 2) if the login fails, it waits 15 seconds and then exits. > 3) it logs all failed login attempts. > > The only other thing I can think of is to add a database which checks > for a number of failed logins and then disable the account if the number > is reached. > > Now, with APOP one can create a longer pass phrase which will > be much more difficult to guess, but the password database will be > independant of the unix account. > > qpopper 2.2 can be retrieved from: > > <ftp://ftp.qualcomm.com/quest/unix/servers/unix/qpop2.2.tar.Z> > > Mark