We started running BlackICE last month and it has been working nice for us. It requires a few config changes to get it to auto-block IPs that send you dictionary attacks, but it is definitely a good solution.
Bill -----Original Message----- From: "R. Scott Perry" Sent: Thu, 23 Jan 2003 10:58:09 -0500 Subject: Re: [Declude.JunkMail] OT: Dictionary Attacks >It seems this morning that we have several dictionary attacks happening on >one of Imail servers. Is there an easy to stop the person doing this? I have >looked through the log files and cannot easily spot the person(s) doing >this. > >Is there software that will prevent people from performing Dictionary >Attacks in the future? > >The POP3 and Delcude processes are using like 50-09% of the CPU. > >Let me know if there is anything I can do... Are you sure that it is a dictionary attack? If the POP3 process has higher usage than normal, then E-mails are being sent to your users (which would mean that it either isn't a dictionary attack, or a hybrid attack where they send spam as part of the dictionary attack). You might want to check the archives of the IMail Forum for ideas on how to stop a dictionary attack. Some tricks are using a "nobody" alias (which I believe you are), or using a product like BlackIce Server to stop it. Unfortunately, Declude can't stop these, because it doesn't have access to the TCP/IP connection (which is where it would need to be stopped). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.