|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: POP3 logon attempts
dreamwvr
dreamwvr.com
Date: Tue Apr 01 2003 - 09:33:56 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Mar 31, 2003 at 02:11:27PM +0200, Tom Fischer wrote:
> Hi,
> some of our POP3 servers got DoSed cause of massive password probes
> against following accounts:
>
> admin
> backup
> data
> master
> oracle
> root
> server
> sybase
> test
> user
> web
> webmaster
>
> Does someone know a tool which will brute force these accounts?
It's likely just a script that automates this for the tickler to
the tickee. They would just loop via the total number of accounts
they wish fork to and test for default accounts/passwords for example.
Have you tried a wrapper to limit the number of connections per
same ip addr? For example if you do not have more than one connection
established per ip to get pop3. Then send them a RST. Or something
like that. AND create a list of accounts that never are allowed to
access remotely via pop3 and send disconnects to any attempts to
do so. Obviously log usages that do not meet your ruleset and
add spice to taste. If some of these they are trying do actually
exist then create filter rules. TMTOWTDI
HIH
Best Regards,
dreamwvrdreamwvr.com
--
/* Security is a work in progress - dreamwvr */
#
# Note: To begin Journey type man afterboot,man help,man hier[.]
#
// "Who's Afraid of Schrodinger's Cat?" /var/(.)?mail/me \? ;-]
----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-incidents
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]