Security Incidents mailing list archives
Re: POP3 logon attempts
From: "dreamwvr () dreamwvr com" <dreamwvr () dreamwvr com>
Date: Tue, 1 Apr 2003 08:33:56 -0700
On Mon, Mar 31, 2003 at 02:11:27PM +0200, Tom Fischer wrote:
> Hi,
> some of our POP3 servers got DoSed because of massive password probes against the following accounts:
>
> admin backup data master oracle root server sybase test user web webmaster
>
> Does someone know a tool which will brute force these accounts?
It's likely just a script that automates this for the tickler to the tickee. They would just loop via the total number of accounts they wish fork to and test for default accounts/passwords for example.

Have you tried a wrapper to limit the number of connections per same ip addr? For example if you do not have more than one connection established per ip to get pop3. Then send them a RST. Or something like that. AND create a list of accounts that never are allowed to access remotely via pop3 and send disconnects to any attempts to do so. Obviously log usages that do not meet your ruleset and add spice to taste. If some of these they are trying do actually exist then create filter rules.

TMTOWTDI
HIH

Best Regards,
dreamwvr () dreamwvr com
--
/* Security is a work in progress - dreamwvr */
# # Note: To begin Journey type man afterboot,man help,man hier[.] #
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \? ;-]
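The checks suggested in this reply (one POP3 session per source IP, a list of accounts never allowed remote access, and logging of anything that breaks the ruleset), sketched as an added example that is not part of the original message. The class and function names, the one-session limit, the case-insensitive name match and the sample events are assumptions made for illustration.

```python
from collections import Counter

DENIED_USERS = frozenset(  # account names from the probe list in the quoted report
    "admin backup data master oracle root server sybase test user web webmaster".split())
MAX_CONN_PER_IP = 1  # assumption: a legitimate client holds one session at a time


class Pop3Policy:
    def __init__(self, denied=DENIED_USERS, max_conn=MAX_CONN_PER_IP):
        self.denied, self.max_conn = denied, max_conn
        self.open_conns = Counter()  # source IP -> established sessions
        self.violations = []         # (ip, reason) records to log / turn into filters

    def on_connect(self, ip):
        """True = accept the connection, False = reset it."""
        if self.open_conns[ip] >= self.max_conn:
            self.violations.append((ip, "too-many-connections"))
            return False
        self.open_conns[ip] += 1
        return True

    def on_user(self, ip, username):
        """True = pass USER to the real server, False = disconnect the client."""
        name = username.strip().lower()  # assumption: mailbox names are case-insensitive
        if name in self.denied:
            self.violations.append((ip, "denied-account:" + name))
            self.on_close(ip)
            return False
        return True

    def on_close(self, ip):
        if self.open_conns[ip] > 0:
            self.open_conns[ip] -= 1
        if self.open_conns[ip] == 0:
            del self.open_conns[ip]  # drop idle IPs so the table stays small


def replay(events, policy=None):
    """Feed (kind, ip[, arg]) events to the policy; return (decisions, policy)."""
    policy = policy or Pop3Policy()
    return [getattr(policy, "on_" + kind)(ip, *arg) for kind, ip, *arg in events], policy


# Constructed sample traffic using RFC 5737 documentation addresses.
SAMPLE = [
    ("connect", "192.0.2.10"), ("connect", "192.0.2.10"),  # 2nd parallel session: reset
    ("user", "192.0.2.10", "oracle"),                      # denied account: disconnect
    ("connect", "198.51.100.7"), ("user", "198.51.100.7", "alice"),  # normal login
]
```

The `violations` list is the input for the logging and filter rules the reply mentions: each entry names the source address and which rule it broke.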