From: Charles Chear (pwcprivacyx.com)
Date: Thu Jul 19 2001 - 15:11:08 CDT


Hello,
   I got on Google (*smirk*) and searched for web-based POP3 clients. I found
quite a few sites offering this service for free. And testing out each service,
I found the same thing with each and every one.

  This flaw that I am talking about concerns 'pop3 proxying'. The majority
of these POP3 clients often ask for your authentication info (user,
pass) and then query for new mail. When this happens, and if you check the
mail server logs, what will come up is the hostname of the web-based
e-mail client.

  Under these circumstances, visitors could use this to brute force
against POP3 servers without detection on the POP3 servers they are
attacking.

  I can recommend a few things for administrators who run websites that
act as POP3 clients on detection and prevention:

  1. Good logging
  2. Limit the tries of the user to a minimum

  Good logging will come in handy if a site does become used as a place
of launch. Limiting how many times a certain IP can try to log in would also
be a great fix. The various sites I have visited enabled me to query, even
after a high amount of failed logins.

    Adios,
     Charles Chear
-----------------------------------
http://presto.tpgn.net
e-mail: pwcprivacyx.com
"You're more cornea than a retina."
-----------------------------------
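The two recommendations in the post (audit logging that records the visitor, and a per-IP cap on login attempts) can be combined in one small gate that a web-mail front end consults before relaying a visitor's credentials to their mail server. The following is an added example written for this archive page; it is not code from the original poster or from any of the sites discussed. The `LoginLimiter` class, the `relay_login` function, the `FakeClock`, the `authenticate` callback standing in for the real POP3 USER/PASS exchange, and the sample credentials and IP address are all constructed for the demonstration.

```python
"""Per-visitor rate limiting and audit logging for a web-based POP3 client.

Added example, not code from the original post. The mail server only ever
sees the proxy's hostname, so the proxy itself must keep the record of
which visitor tried which account, and must stop relaying once a visitor
has burned through a failure budget inside a sliding time window.
"""
import logging
import time
from collections import defaultdict, deque

log = logging.getLogger("webpop3.audit")


class LoginLimiter:
    """Tracks failed POP3 logins per visitor IP over a sliding window."""

    def __init__(self, max_failures=5, window_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.clock = clock                       # injectable so the window can be tested
        self._failures = defaultdict(deque)      # ip -> timestamps of recent failures
        self.audit = []                          # every decision, for reconciling with mail-server logs

    def _prune(self, ip, now):
        """Drop failure timestamps that have aged out of the window."""
        q = self._failures[ip]
        while q and now - q[0] > self.window:
            q.popleft()

    def is_blocked(self, ip):
        self._prune(ip, self.clock())
        return len(self._failures[ip]) >= self.max_failures

    def record(self, ip, user, server, outcome):
        """Append an audit entry; the password is deliberately never recorded."""
        now = self.clock()
        if outcome == "failed":
            self._failures[ip].append(now)
        entry = {"t": now, "client_ip": ip, "user": user, "server": server, "outcome": outcome}
        self.audit.append(entry)
        log.info("client=%s user=%s server=%s outcome=%s", ip, user, server, outcome)
        return entry


def relay_login(limiter, client_ip, user, password, server, authenticate):
    """Decide whether to relay a visitor's credentials to their POP3 server.

    `authenticate(user, server, password)` is an assumed callback standing in
    for the real POP3 session. It is never invoked once the visitor's IP is
    over budget, so the mail server sees no further attempts from that visitor.
    """
    if limiter.is_blocked(client_ip):
        limiter.record(client_ip, user, server, "blocked")
        return "blocked"
    outcome = "ok" if authenticate(user, server, password) else "failed"
    limiter.record(client_ip, user, server, outcome)
    return outcome


class FakeClock:
    """Constructed clock so the demo can move time forward deterministically."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    """Walk one visitor through guesses, lockout, and expiry of the lockout."""
    clock = FakeClock()
    limiter = LoginLimiter(max_failures=3, window_seconds=60, clock=clock)
    valid = {("alice", "pop.example.net"): "correct-horse"}   # constructed credential store
    relayed = []                                              # how many attempts reached "the server"

    def authenticate(user, server, password):
        relayed.append(user)
        return valid.get((user, server)) == password

    visitor = "203.0.113.7"                                   # constructed documentation address
    outcomes = []
    for guess in ("a", "b", "c", "d"):                        # three failures fill the budget; the 4th is blocked
        outcomes.append(relay_login(limiter, visitor, "alice", guess, "pop.example.net", authenticate))
    outcomes.append(relay_login(limiter, visitor, "alice", "correct-horse", "pop.example.net", authenticate))
    clock.advance(61)                                         # window expires, budget is restored
    outcomes.append(relay_login(limiter, visitor, "alice", "correct-horse", "pop.example.net", authenticate))
    return outcomes, len(relayed), limiter.audit


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    print(demo()[0])
```

The correct password submitted while the visitor is locked out is still refused, which is the property the post asks for: once a source has exceeded its budget, nothing it sends reaches the mail server until the window expires, and every decision is in the proxy's own audit trail keyed by the visitor's IP rather than the proxy's hostname.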