ossec works in general, but I didn't get the brute-force attack stopped for pop3d with ossec. Does someone have an actual ossec config/rule set for pop3d running on Suse 10.1, or can someone give me some hints?
I got the following messages from ossec:

Rule: 40111 fired (level 10) -> "Multiple authentication failures."

---
My log entries look like:

Oct 8 17:59:06 plesk pop3d: IMAP connect from @ [xxx.xxx.xxx.xxx]checkmailpasswd: FAILED: mika - no such user from @ [xxx.xxx.xxx.xxx]DEBUG: Connection, ip=[yyy.yyy.yyy.yyy]
Oct 8 17:59:43 plesk pop3d: IMAP connect from @ [xxx.xxx.xxx.xxx]checkmailpasswd: FAILED: mika - no such user from @ [xxx.xxx.xxx.xxx]ERR: LOGIN FAILED, ip=[xxx.xxx.xxx.xxx]
---

Thanks,
Brujo
