On Fri, Aug 15, 2008 at 06:43:30PM -0300, Eduardo M KALINOWSKI wrote: > Charles Marcus wrote: > > Dictionary attacks are a fact of life these days. > > > > Just install some kind of blocking on your firewall (fail2ban is a good > > one), and let it take care of the worst of it.. > > I wonder what they want by cracking a POP3 server. Read the user's > mails? It's true POP3 passwords are almost always equal to SMTP ones > (which is useful for spamming), but then why not try to crack the SMTP > server directly?
One reason is so that they can get SMTP AUTH information and then sell the username/password pairs to spammers. Open relays are much more rare nowadays, so having a legitimate pre-existing account that can be used for outbound spam is worth much more than opening a new hotmail or gmail account. Especially through smaller ISPs that may not have adequate outbound mail rate-limits in place. A single hijacked mail account through a small ISP without rate-limits can be used to send an incredible amount of spam before it's caught. -- Dean Brooks [EMAIL PROTECTED]
