Bill, Also running BI as of few weeks ago and tinkering with firewal.ini. Would you mind sharing the .ini changes you made. You can e-mail me off list. Thanks.
Sincerely, Don Schreiner CompBiz, Inc. www.compbiz.net 407-322-8654 800-408-3688 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill B. Sent: Thursday, January 23, 2003 12:16 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OT: Dictionary Attacks We started running BlackICE last month and it has been working nice for us. It requires a few config changes to get it to auto-block IPs that send you dictionary attacks, but it is definitely a good solution. Bill -----Original Message----- From: "R. Scott Perry" Sent: Thu, 23 Jan 2003 10:58:09 -0500 Subject: Re: [Declude.JunkMail] OT: Dictionary Attacks >It seems this morning that we have several dictionary attacks happening >on one of Imail servers. Is there an easy to stop the person doing >this? I have looked through the log files and cannot easily spot the >person(s) doing this. > >Is there software that will prevent people from performing Dictionary >Attacks in the future? > >The POP3 and Delcude processes are using like 50-09% of the CPU. > >Let me know if there is anything I can do... Are you sure that it is a dictionary attack? If the POP3 process has higher usage than normal, then E-mails are being sent to your users (which would mean that it either isn't a dictionary attack, or a hybrid attack where they send spam as part of the dictionary attack). You might want to check the archives of the IMail Forum for ideas on how to stop a dictionary attack. Some tricks are using a "nobody" alias (which I believe you are), or using a product like BlackIce Server to stop it. Unfortunately, Declude can't stop these, because it doesn't have access to the TCP/IP connection (which is where it would need to be stopped). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. ---------- Scanned by CompBiz for Viruses http://www.CompBiz.Net. Save 15 Percent on Virus Software by visiting http://www.compbiz.net/software_mcafee.cfm for details! --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
