Since it seems to all be coming from the same IP I'd say block that IP at your firewall.
Thank you, Jason Loven Manager - Technical Services Department Computer Associates, Inc. 36 Thurber Blvd, Smithfield RI 02917 Phone: (401)232-2600, Fax: (401)232-7778 Email: [EMAIL PROTECTED] Web: http://www.cainetserv.com/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Archer Koch Sent: Tuesday, August 15, 2006 3:13 PM To: [email protected] Subject: [IMail Forum] POP3 Security / DOS Attack We had a POP3 attack this morning that looked like this: 08:15 08:43 POP3D UNK: mail.XXXXXXX.XXX - lydia 08:15 08:43 POP3D (0471D5B4) logon failure for kayla mail.XXXXXXX.XXX from 63.201.40.234 08:15 08:43 POP3D UNK: mail.XXXXXXX.XXX - mail 08:15 08:43 POP3D (0471D622) logon failure for lydia mail.XXXXXXX.XXX from 63.201.40.234 08:15 08:43 POP3D UNK: mail.XXXXXXX.XXX - kayla 08:15 08:43 POP3D (0471D68F) logon failure for mail mail.XXXXXXX.XXX from 63.201.40.234 08:15 08:43 POP3D UNK: mail.XXXXXXX.XXX - kent 08:15 08:43 POP3D (0471D6FC) logon failure for kayla mail.XXXXXXX.XXX from 63.201.40.234 08:15 08:43 POP3D UNK: mail.XXXXXXX.XXX - kirk 08:15 08:43 POP3D (0471D76A) logon failure for kent mail.XXXXXXX.XXX from 63.201.40.234 This is just a tiny snippet of the attack, which brought the POP3 service to its knees. Imail 8.22 I haven't been able to find any information about thwarting such an attack -- or even any reports of such attacks occurring for that matter, so I turn to you for your valued input. Obviously, the implications are quite serious. Archer To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
