We started running BlackICE last month and it has been working nicely for us. It
requires a few config changes to get it to auto-block IPs that send you dictionary
attacks, but it is definitely a good solution.
Bill
-----Original Message-----
From: "R. Scott Perry"
Sent: Thu, 23 Jan 2003 10:58:09 -0500
Subject: Re: [Declude.JunkMail] OT: Dictionary Attacks
>It seems this morning that we have several dictionary attacks happening on
>one of our IMail servers. Is there an easy way to stop the person doing this? I have
>looked through the log files and cannot easily spot the person(s) doing
>this.
>
>Is there software that will prevent people from performing Dictionary
>Attacks in the future?
>
>The POP3 and Declude processes are using like 50-09% of the CPU.
>
>Let me know if there is anything I can do...
Are you sure that it is a dictionary attack? If the POP3 process has
higher usage than normal, then E-mails are being sent to your users (which
would mean that it either isn't a dictionary attack, or a hybrid attack
where they send spam as part of the dictionary attack).
You might want to check the archives of the IMail Forum for ideas on how to
stop a dictionary attack. Some tricks are using a "nobody" alias (which I
believe you are), or using a product like BlackIce Server to stop it.
Unfortunately, Declude can't stop these, because it doesn't have access to
the TCP/IP connection (which is where it would need to be stopped).
-Scott
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.