Reply to: Jim Jones, Jr.
      Re: [Declude.JunkMail] Blocking Dictionary Attacks and Mail Harvesting -- Does BlackIce help? on Tuesday 7:46:02 AM

Our servers are very stable with this firewall. It does not
autoblock these but you can manually block them. I noticed that
they do not show up in the log any more, so it appears to work
fine. I know you can set it to autoblock select events by editing
the blackice.ini, for example:

http.urllimit.count=60
http.urllimit.interval=50

will temporarily block too many URL requests, like web site
copying... I do not know the settings for too many SMTP requests,
but it must exist if you research or call support. Let me know if
you find this out.

I can't imagine running Imail without this firewall as I have
EZSignup and IIS on the same setup and it autoblocks Code Red and
numerous illegal requests in IIS automatically.

--
Roger Heath
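
The count-and-interval temporary block discussed in this thread, applied to rejected SMTP recipients, as an added example that is not part of the original messages and is not BlackICE's or Declude's own logic. The log format, the sample lines, and the `count`, `interval` and `block_for` parameter names are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): ISO time, client IP, recipient, SMTP reply code.
SAMPLE_LOG = """\
2002-04-30T07:00:01 198.51.100.7 aaron@example.test 550
2002-04-30T07:00:02 198.51.100.7 abby@example.test 550
2002-04-30T07:00:03 203.0.113.20 sales@example.test 250
2002-04-30T07:00:04 198.51.100.7 adam@example.test 550
2002-04-30T07:00:05 198.51.100.7 sales@example.test 250
2002-04-30T07:00:06 198.51.100.7 alan@example.test 550
2002-04-30T07:00:10 192.0.2.9 bob@example.test 550
2002-04-30T07:00:40 203.0.113.20 typo@example.test 550
2002-04-30T07:01:30 192.0.2.9 bobby@example.test 550
2002-04-30T07:03:00 192.0.2.9 rob@example.test 550
2002-05-01T07:00:05 198.51.100.7 zed@example.test 550
"""

def detect_harvesting(log_text, count=3, interval=50, block_for=timedelta(days=1)):
    """Return (blocks, dropped): blocks lists (ip, block_end) for each source that
    reached `count` rejected recipients (5xx) within `interval` seconds."""
    recent = defaultdict(deque)  # ip -> timestamps of recent rejections
    active = {}                  # ip -> time the temporary block ends
    blocks, dropped = [], 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue             # skip blank or malformed lines
        stamp, ip, _rcpt, code = parts
        now = datetime.fromisoformat(stamp)
        if ip in active:
            if now < active[ip]:
                dropped += 1     # refused while the block is in force
                continue
            del active[ip]       # block expired; source is evaluated afresh
        if not code.startswith("5"):
            continue             # accepted recipients do not count as errors
        window = recent[ip]
        window.append(now)
        while (now - window[0]).total_seconds() > interval:
            window.popleft()     # forget rejections older than the interval
        if len(window) >= count:
            active[ip] = now + block_for
            blocks.append((ip, active[ip]))
            window.clear()
    return blocks, dropped
```

With the defaults, the slow sender 192.0.2.9 stays under the threshold because its three rejections never fall inside one 50-second window; widening `interval` catches it at the cost of more false positives from legitimate senders with stale address lists.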



----- Copy of Original Message(s): -----

J> we put that on after having over 100,000 connections to our server in one
J> day for harvesting purposes.  We noticed that it was seeing these attacks,
J> but couldn't tell if it was blocking them or not.  I wonder if there is a
J> way to configure blackice to automatically block someone that is doing this
J> for one day?

J> also, how has your server been, stability wise, after installing blackice?
J> ours seems to have held up pretty well.

J> thanks,

J> jim
J> ----- Original Message -----
J> From: "Roger Heath" <[EMAIL PROTECTED]>
J> To: "Jesus Alvarez" <[EMAIL PROTECTED]>
J> Sent: Monday, April 29, 2002 5:16 PM
J> Subject: BLARSBL:Re: [Declude.JunkMail] Blocking Dictionary Attacks and Mail
J> Harvesting


>> Reply to: Jesus Alvarez
>>       Re: [Declude.JunkMail] Blocking Dictionary Attacks and Mail
>> Harvesting on Monday 4:26:37 PM
>>
>> The Server version of NetworkIce Black Ice detects these as
>> 'SMTP- too many errors'. When we see this, we set that IP to be
>> blocked for a day or a week if they are persistent. It
>> essentially shuts off their attack for a set time period... You
>> can purchase this Server Firewall at www.networkice.com
>>
>> --
>> Roger Heath
>>
>>
>>
>> ----- Copy of Original Message(s): -----
>>
>> J> Can Declude Hijack help with dictionary attacks and
>> J> other attacks that attempt at mail harvesting ?
>>
>> J> We had a case recently where someone tried over 50000
>> J> email addresses on a domain before we were able to stop
>> J> him. Since we have an Imgate front end, the bounce messages
>> J> increased our queues and delivery times quite a bit. His
>> J> ISP was notified and their account cancelled but that does
>> J> not prevent this from happening again. We currently run
>> J> Declude Hijack but it normally catches attempts at
>> J> massive outgoing deliveries, not cases like this.
>>
>> J> Else, how do other Imail & Declude users protect themselves
>> J> in these cases ?
>>
>> J> Thanks.
>>
>> J> ---
>> J> [This E-mail was scanned for viruses by Declude Virus
>> J> (http://www.declude.com)]
>>
>> J> ---
>>
>> J> This E-mail came from the Declude.JunkMail mailing list.  To
>> J> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
>> J> type "unsubscribe Declude.JunkMail".  You can E-mail
>> J> [EMAIL PROTECTED] for assistance.  You can visit our web
>> J> site at http://www.declude.com .
>> J> --
>> J> ActivatorMail(tm) ver.041902 Scanned for all viruses by
>> J> www.activatormail.com intelligent anti-virus anti-spam service
>>
