Does anyone know how to block, or auto programs in Gentoo to limit
or stop people scanning for a user/password hacking on your firewall?
Besides disabling those ports, I still need the port accessible
from the outside, and I guess they'd just try imap if pop was blocked.
I'm running iptables, postfix & courier
This has been ongoing in excess of 12 Hrs now...
Jun 17 10:25:20 jumpgate pop3d: Connection, ip=[::ffff:93.186.195.234]
Jun 17 10:25:21 jumpgate pop3d: LOGIN FAILED, user=dave, ip=[::ffff:93.186.195.234]
Jun 17 10:25:26 jumpgate pop3d: Disconnected, ip=[::ffff:93.186.195.234]
Jun 17 10:25:27 jumpgate pop3d: Connection, ip=[::ffff:93.186.195.234]
Jun 17 10:25:27 jumpgate pop3d: LOGIN FAILED, user=dave, ip=[::ffff:93.186.195.234]
Jun 17 10:25:33 jumpgate pop3d: Disconnected, ip=[::ffff:93.186.195.234]
Jun 17 10:25:33 jumpgate pop3d: Connection, ip=[::ffff:93.186.195.234]
Jun 17 10:25:34 jumpgate pop3d: LOGIN FAILED, user=dave, ip=[::ffff:93.186.195.234]
Jun 17 10:25:39 jumpgate pop3d: Disconnected, ip=[::ffff:93.186.195.234]
Jun 17 10:25:39 jumpgate pop3d: Connection, ip=[::ffff:93.186.195.234]
Jun 17 10:25:40 jumpgate pop3d: LOGIN FAILED, user=dave, ip=[::ffff:93.186.195.234]
Jun 17 10:25:45 jumpgate pop3d: Disconnected, ip=[::ffff:93.186.195.234]
Jun 17 10:25:46 jumpgate pop3d: Connection, ip=[::ffff:93.186.195.234]
Jun 17 10:25:46 jumpgate pop3d: LOGIN FAILED, user=dave, ip=[::ffff:93.186.195.234]
Jun 17 10:25:52 jumpgate pop3d: Disconnected, ip=[::ffff:93.186.195.234]
Jun 17 10:25:52 jumpgate pop3d: Connection, ip=[::ffff:93.186.195.234]
Jun 17 10:25:53 jumpgate pop3d: LOGIN FAILED, user=dave, ip=[::ffff:93.186.195.234]
Jun 17 10:25:58 jumpgate pop3d: Disconnected, ip=[::ffff:93.186.195.234]
Jun 17 10:25:58 jumpgate pop3d: Connection, ip=[::ffff:93.186.195.234]
Jun 17 10:25:59 jumpgate pop3d: LOGIN FAILED, user=dave, ip=[::ffff:93.186.195.234]
Jun 17 10:26:04 jumpgate pop3d: Disconnected, ip=[::ffff:93.186.195.234]
Jun 17 10:26:05 jumpgate pop3d: Connection, ip=[::ffff:93.186.195.234]
06-17-2010, 12:59 AM
Alex Schuster
User & password scanning on pop3
Rod writes:
> Does anyone know how to block, or auto programs in Gentoo to limit
> or stop people scanning for a user/password hacking on your firewall?
I am using net-analyzer/fail2ban. That can block an IP after some
unsuccessful login attempts. This helps a lot, but not against bot nets,
when every host tries for two times only.
> Besides disabling those ports, I still need the port accessible
> from the outside, and I guess they'd just try imap if pop was blocked.
Could you change the port to something unusual, like 1100?
Wonko
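
The per-IP threshold described above, as an added example that is not part of the thread and not fail2ban's own code: it parses Courier pop3d failure lines in the format Rod posted, flags addresses that exceed `maxretry` failures within `findtime` seconds, and counts distinct source addresses per user, which is the signal that survives when each botnet host tries only twice. The thresholds, the year, the `spread` parameter and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Courier pop3d failure line, in the format posted in this thread.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pop3d: LOGIN FAILED, "
    r"user=(\S+?), ip=\[(?:::ffff:)?([0-9A-Fa-f:.]+)\]")

def parse(line, year=2010):
    """Return (time, user, ip) for a failure line, else None.
    Syslog omits the year, so `year` is an assumption."""
    m = FAILED.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3)

def analyse(lines, maxretry=3, findtime=600, spread=3):
    """Return (ips over the per-IP threshold, {user: distinct source count})."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    sources = defaultdict(set)    # user -> every address that failed a login
    banned = []
    for rec in filter(None, map(parse, lines)):
        ts, user, ip = rec
        sources[user].add(ip)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:     # drop failures older than findtime
            q.popleft()
        if len(q) >= maxretry and ip not in banned:
            banned.append(ip)
    spread_users = {u: len(s) for u, s in sources.items() if len(s) >= spread}
    return banned, spread_users

# Constructed sample: one noisy host, then four hosts trying twice each.
FMT = "Jun 17 10:{:02d}:{:02d} jumpgate pop3d: LOGIN FAILED, user=dave, ip=[::ffff:{}]"
SAMPLE = ["Jun 17 10:25:20 jumpgate pop3d: Connection, ip=[::ffff:203.0.113.5]"]
SAMPLE += [FMT.format(25, s, "203.0.113.5") for s in (21, 27, 34)]
SAMPLE += [FMT.format(30 + i, s, f"198.51.100.{i}")
           for i in (1, 2, 3, 4) for s in (5, 9)]

if __name__ == "__main__":
    banned, spread_users = analyse(SAMPLE)
    print("per-IP ban candidates:", banned)
    print("users hit from many addresses:", spread_users)
```

On the sample, only the noisy host crosses the per-IP threshold; the four two-attempt hosts show up only in the per-user count.
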
06-17-2010, 10:02 AM
Tobias R
User & password scanning on pop3
> Hi,
> Does anyone know how to block, or auto programs in Gentoo to limit
> or stop people scanning for a user/password hacking on your firewall?
You may want to have a look at iptables and hashlimit, e.g. [1] (please
note that I never tried this by myself).
>> Does anyone know how to block, or auto programs in Gentoo to limit
>> or stop people scanning for a user/password hacking on your firewall?
fail2ban
06-20-2010, 11:43 PM
kashani
User & password scanning on pop3
On 6/16/2010 5:26 PM, Rod wrote:
> Hi,
> Does anyone know how to block, or auto programs in Gentoo to limit or
> stop people scanning for a user/password hacking on your firewall?
> Besides disabling those ports, I still need the port accessible from the
> outside, and I guess they'd just try imap if pop was blocked.
> I'm running iptables, postfix & courier
Have you considered changing over to pop3-ssl and imap-ssl? I fully
switched over about six years ago and nearly every job I've had since
has used SSL as well. I'd still recommend plain imap to be open on
localhost for webmail to interact with it, but you should have far less
problems. And less chance of sniffers pulling user/pass from wireless
connections in cafes.
kashani
06-21-2010, 12:06 AM
deface
User & password scanning on pop3
On Jun 20, 2010, at 6:43 PM, kashani wrote:
> On 6/16/2010 5:26 PM, Rod wrote:
>> Hi,
>>
>> Does anyone know how to block, or auto programs in Gentoo to limit or
>> stop people scanning for a user/password hacking on your firewall?
>>
>> Besides disabling those ports, I still need the port accessible from the
>> outside, and I guess they'd just try imap if pop was blocked.
>>
>> I'm running iptables, postfix & courier
>
> Have you considered changing over to pop3-ssl and imap-ssl? I fully switched over about six years ago and nearly every job I've had since has used SSL as well. I'd still recommend plain imap to be open on localhost for webmail to interact with it, but you should have far less problems. And less chance of sniffers pulling user/pass from wireless connections in cafes.
>
> kashani
Try fail2ban
06-21-2010, 12:13 AM
Rod
User & password scanning on pop3
On 17/06/2010 10:26 AM, Rod wrote:
> Hi,
> Does anyone know how to block, or auto programs in Gentoo to limit
> or stop people scanning for a user/password hacking on your firewall?
Hi,
Just an update, I found the program I had running "Fail2Ban" was
broken, so I have fixed that, but also closed off the pop3 server for
non "SSL" traffic...
pop3 - closed
pop3-ssl - open certificates issued to both SSL users (pop/imap)
imap-ssl open
06-21-2010, 05:27 AM
kashani
User & password scanning on pop3
On 6/20/2010 5:06 PM, deface wrote:
> Try fail2ban
How about reading the whole thread before posting a one liner?