Re: Need help dealing with distributed dictionary attack.
From: Wietse Venema (wietse porcupine.org)
Date: Mon Aug 02 2004 - 20:29:20 CDT
Jefferson Cowart:
> I'm running a Postfix mail server on Debian stable (Postfix version 1.1.11 -
> some security backports). I have had someone that based on initial IP
> addresses seems to be from Brazil that has been running a dictionary account
> against my server for about a year and a half now. Each time that I block
> his IP addresses he ends up just moving to a different address and
> continuing the attack. At this point it appears that he is using a largish
> (50-100 at the moment) network of computers (probably zombied Windows
> machines) to launch this dictionary attack against me. While the dictionary
> attack is not in and of itself a major problem, it is causing major load
> problems on my server. I have had multiple times where he has been sending
> enough traffic down the line to cause legitimate connections to be slow or
> non-functional. Additionally he has multiple times caused my servers enough
> load that they were unable to process legitimate requests. Does anyone have
> any suggestions about how to handle this problem?

/etc/postfix/main.cf:
    smtpd_error_sleep_time = 0

Are you sure this is not backscatter?
http://www.postfix.org/BACKSCATTER_README.html
Wietse
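
A triage sketch for the backscatter question raised in the reply above, added here as an example and not part of the original message or of Postfix. It assumes unknown-recipient rejects are logged in the usual Postfix smtpd "reject: RCPT from" style, and uses the heuristic that a null envelope sender (from=<>) marks a bounce, that is, a backscatter candidate, while a non-empty sender points to address guessing; the log lines and the names classify and summarize are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the style of Postfix smtpd reject logging
# (documentation addresses only; not taken from the original post).
SAMPLE_LOG = """\
Aug  2 20:01:11 mx postfix/smtpd[411]: reject: RCPT from unknown[192.0.2.10]: 550 <adam@example.org>: User unknown; from=<x1@sender.example> to=<adam@example.org>
Aug  2 20:01:12 mx postfix/smtpd[411]: reject: RCPT from unknown[192.0.2.10]: 550 <alan@example.org>: User unknown; from=<x2@sender.example> to=<alan@example.org>
Aug  2 20:01:15 mx postfix/smtpd[412]: reject: RCPT from unknown[198.51.100.7]: 550 <alice@example.org>: User unknown; from=<x3@sender.example> to=<alice@example.org>
Aug  2 20:01:19 mx postfix/smtpd[413]: reject: RCPT from unknown[203.0.113.5]: 550 <andy@example.org>: User unknown; from=<x4@sender.example> to=<andy@example.org>
Aug  2 20:02:01 mx postfix/smtpd[414]: reject: RCPT from mail.other.example[203.0.113.80]: 550 <info@example.org>: User unknown; from=<> to=<info@example.org>
Aug  2 20:02:09 mx postfix/smtpd[415]: reject: RCPT from mx.third.example[198.51.100.99]: 550 <info@example.org>: User unknown; from=<> to=<info@example.org>
Aug  2 20:02:10 mx postfix/smtpd[416]: connect from unknown[192.0.2.10]
"""

# Client IP, envelope sender and recipient of a 55x "User unknown" reject.
REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 55\d .*?User unknown.*?;"
    r" from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def classify(log_text):
    """Group unknown-recipient rejects by envelope sender.

    Heuristic (assumption): empty sender = bounce, so a backscatter
    candidate; non-empty sender = recipient guessing.
    """
    clients = {"bounce": Counter(), "guess": Counter()}
    rcpts = {"bounce": set(), "guess": set()}
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # not an unknown-recipient reject
        kind = "bounce" if m.group("sender") == "" else "guess"
        clients[kind][m.group("ip")] += 1
        rcpts[kind].add(m.group("rcpt").lower())
    return clients, rcpts

def summarize(log_text):
    """Per class: reject count, distinct client IPs, distinct recipients."""
    clients, rcpts = classify(log_text)
    return {k: {"rejects": sum(c.values()), "clients": len(c),
                "recipients": len(rcpts[k])} for k, c in clients.items()}

if __name__ == "__main__":
    for kind, row in summarize(SAMPLE_LOG).items():
        print(kind, row)
```

Many distinct recipients with non-empty senders fits the dictionary-attack reading; a bounce class that dominates the rejects fits backscatter, which the README linked above covers.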