we put that on after having over 100,000 connections to our server in one day for harvesting purposes. We noticed that it was seeing these attacks, but couldn't tell if it was blocking them or not. I wonder if there is a way to configure blackice to automatically block someone that is doing this for one day?
also, how has your server been, stability wise, after installing blackice? ours seems to have held up pretty well. thanks, jim ----- Original Message ----- From: "Roger Heath" <[EMAIL PROTECTED]> To: "Jesus Alvarez" <[EMAIL PROTECTED]> Sent: Monday, April 29, 2002 5:16 PM Subject: BLARSBL:Re: [Declude.JunkMail] Blocking Dictionary Attacks and Mail Harvesting > Reply to: Jesus Alvarez > Re: [Declude.JunkMail] Blocking Dictionary Attacks and Mail Harvesting on Monday 4:26:37 PM > > The Server version of NetworkIce Black Ice detects these as > 'SMTP- too many errors'. When we see this, we set that IP to be > blocked for a day or a week if they are persistent. It > essentially shuts off their attack for a set time period... You > can purchase this Server Firewall at www.networkice.com > > -- > Roger Heath > > > > ----- Copy of Original Message(s): ----- > > J> Can Declude Hijack help with dictionary attacks and > J> other attacks that attempt at mail harvesting ? > > J> We had a case recently where someone tried over 50000 > J> email addresses on a domain before we were able to stop > J> him. Since we have an Imgate front end, the bounce messages > J> increased our queues and delivery times quite a bit. His > J> ISP was notified and their account cancelled but that does > J> not prevent this from happening again. We currently run > J> Declude Hijack but it normally catches attempts at > J> massive outgoing deliveries, not cases like this. > > J> Else, how do other Imail & Declude users protect themselves > J> in these cases ? > > J> Thanks. > > J> --- > J> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > J> --- > > J> This E-mail came from the Declude.JunkMail mailing list. To > J> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > J> type "unsubscribe Declude.JunkMail". You can E-mail > J> [EMAIL PROTECTED] for assistance. You can visit our web > J> site at http://www.declude.com . > J> -- > J> ActivatorMail(tm) ver.041902 Scanned for all viruses by > J> www.activatormail.com intelligent anti-virus anti-spam service > > -- > ActivatorMail(tm) ver.041902 Scanned for all viruses by > www.activatormail.com intelligent anti-virus anti-spam service > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". You can E-mail > [EMAIL PROTECTED] for assistance. You can visit our web > site at http://www.declude.com . > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
