
Date:  Mon, 4 Aug 2008 14:15:45 -0700 (PDT)
From:  mailing list <sunlist (at mark) yahoo.com>
Subject:  [coba-e:13687] Re: Dovecot/POP3 Flood
To:  coba-e (at mark) bluequartz.org
Message-Id:  <930069.61840.qm (at mark) web63812.mail.re1.yahoo.com>
In-Reply-To:  <1217175174.31211.9.camel (at mark) columbus.webtent.org>
X-Mail-Count: 13687


--- On Sun, 7/27/08, Robert Fitzpatrick <lists (at mark) webtent.net> wrote:

> Did you ever find this? Our firewall shows a hit on the network address
> (0). But I saw hundreds of attempts from the IP in both server logs.
> Still waiting for the firewall manufacturer to weigh in and let me know if
> there is a way to up the logging, but the script from Greg is up.

You can also deny services via the /etc/hosts.deny file.  For example, ssh:

edit /etc/hosts.deny

sshd: x.x.x.x/255.255.255.0

So now, any IP/range above will not have access to sshd.  Apply the above to any services you want to deny to any range, etc.

dovecot-auth
pop3-login
imap-login
sshd
proftpd (I'm not running FTP so I'm not certain)

Regards,


Mike
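
Added example, not part of Mike's message or the list archive: a Python script that counts failed logins per /24 in syslog text and emits hosts.deny lines in the daemon: address/netmask form shown above. The log line formats, the threshold, the /24 grouping and the names deny_entries and SAMPLE_LOG are assumptions, as is that each daemon is built with or wrapped by TCP wrappers so that hosts.deny applies to it.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log lines (not from the thread). The line formats are
# assumed; the addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Aug  4 14:01:02 mail dovecot: pop3-login: Aborted login: user=<info>, method=PLAIN, rip=::ffff:203.0.113.7, lip=::ffff:192.0.2.10
Aug  4 14:01:03 mail dovecot: pop3-login: Aborted login: user=<admin>, method=PLAIN, rip=::ffff:203.0.113.7, lip=::ffff:192.0.2.10
Aug  4 14:01:03 mail dovecot: pop3-login: Aborted login: user=<test>, method=PLAIN, rip=::ffff:203.0.113.9, lip=::ffff:192.0.2.10
Aug  4 14:02:10 mail dovecot: pop3-login: Login: user=<mike>, method=PLAIN, rip=::ffff:198.51.100.4, lip=::ffff:192.0.2.10
Aug  4 14:03:44 mail dovecot: imap-login: Aborted login: user=<root>, method=PLAIN, rip=::ffff:198.51.100.20, lip=::ffff:192.0.2.10
Aug  4 14:05:00 mail sshd[4321]: Failed password for invalid user oracle from 203.0.113.7 port 40112 ssh2
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
# (hosts.deny daemon name, pattern capturing the remote IPv4 of a failed login)
PATTERNS = [
    ("pop3-login", re.compile(r"pop3-login: Aborted login: .*\brip=(?:::ffff:)?" + IPV4)),
    ("imap-login", re.compile(r"imap-login: Aborted login: .*\brip=(?:::ffff:)?" + IPV4)),
    ("sshd", re.compile(r"sshd\[\d+\]: Failed password for .* from " + IPV4 + " ")),
]


def deny_entries(log_text, threshold=2, prefix=24):
    """Return hosts.deny lines for each (daemon, network) with >= threshold failures."""
    hits = Counter()
    for line in log_text.splitlines():
        for daemon, pattern in PATTERNS:
            m = pattern.search(line)
            if not m:
                continue
            try:
                # strict=False masks the host bits, giving the enclosing network.
                net = ipaddress.ip_network(f"{m.group(1)}/{prefix}", strict=False)
            except ValueError:
                break  # looked like an address but is not valid IPv4; skip the line
            hits[(daemon, net)] += 1
            break
    return [
        f"{daemon}: {net.network_address}/{net.netmask}"
        for daemon, net in sorted(hits)
        if hits[(daemon, net)] >= threshold
    ]


if __name__ == "__main__":
    print("\n".join(deny_entries(SAMPLE_LOG)))
```

Review the printed lines before appending them to /etc/hosts.deny, since a /24 entry also blocks any legitimate users in that range.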