Educause Security Discussion mailing list archives
Re: Brute Force Attacks On Microsoft O365’s IMAP (Symptom: Account Lockouts)?
From: Joseph Tam <tam () MATH UBC CA>
Date: Wed, 13 Feb 2019 13:39:19 -0800
On Tue, 12 Feb 2019, Thomas Abraham (Campus Consortium) wrote:
We are starting to get a lot of calls for help recently from our members on brute force attacks on their Microsoft O365?s IMAP login service. Are others experiencing this?
Every second of every day of the year. There's easy countermeasures with varying amounts of efficacy and tradeoffs. Authentication failure delays (but not lockout!). Preemptive blacklistings for troublesome networks *cough*ChinaNet*cough* with mitigation measures like VPN. Selective blacklists (e.g. blocklist.de). Dynamic blacklisting (failure logs, hooks within your application, etc.) All bets are off if it's a distributed BFD. Joseph Tam <tam () math ubc ca>
Current thread:
- Brute Force Attacks On Microsoft O365’s IMAP (Symptom: Account Lockouts)? Thomas Abraham (Campus Consortium) (Feb 12)
- <Possible follow-ups>
- Re: Brute Force Attacks On Microsoft O365’s IMAP (Symptom: Account Lockouts)? Joseph Tam (Feb 13)