Re: [Declude.JunkMail] OT: Dictionary Attacks
It seems this morning that we have several dictionary attacks happening on one of Imail servers. Is there an easy to stop the person doing this? I have looked through the log files and cannot easily spot the person(s) doing this. Is there software that will prevent people from performing Dictionary Attacks in the future? The POP3 and Delcude processes are using like 50-09% of the CPU. Let me know if there is anything I can do... Are you sure that it is a dictionary attack? If the POP3 process has higher usage than normal, then E-mails are being sent to your users (which would mean that it either isn't a dictionary attack, or a hybrid attack where they send spam as part of the dictionary attack). You might want to check the archives of the IMail Forum for ideas on how to stop a dictionary attack. Some tricks are using a nobody alias (which I believe you are), or using a product like BlackIce Server to stop it. Unfortunately, Declude can't stop these, because it doesn't have access to the TCP/IP connection (which is where it would need to be stopped). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] OT: Dictionary Attacks
We started running BlackICE last month and it has been working nice for us. It requires a few config changes to get it to auto-block IPs that send you dictionary attacks, but it is definitely a good solution. Bill -Original Message- From: R. Scott Perry Sent: Thu, 23 Jan 2003 10:58:09 -0500 Subject: Re: [Declude.JunkMail] OT: Dictionary Attacks It seems this morning that we have several dictionary attacks happening on one of Imail servers. Is there an easy to stop the person doing this? I have looked through the log files and cannot easily spot the person(s) doing this. Is there software that will prevent people from performing Dictionary Attacks in the future? The POP3 and Delcude processes are using like 50-09% of the CPU. Let me know if there is anything I can do... Are you sure that it is a dictionary attack? If the POP3 process has higher usage than normal, then E-mails are being sent to your users (which would mean that it either isn't a dictionary attack, or a hybrid attack where they send spam as part of the dictionary attack). You might want to check the archives of the IMail Forum for ideas on how to stop a dictionary attack. Some tricks are using a nobody alias (which I believe you are), or using a product like BlackIce Server to stop it. Unfortunately, Declude can't stop these, because it doesn't have access to the TCP/IP connection (which is where it would need to be stopped). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] OT: Dictionary Attacks
Bill, Also running BI as of few weeks ago and tinkering with firewal.ini. Would you mind sharing the .ini changes you made. You can e-mail me off list. Thanks. Sincerely, Don Schreiner CompBiz, Inc. www.compbiz.net 407-322-8654 800-408-3688 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill B. Sent: Thursday, January 23, 2003 12:16 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OT: Dictionary Attacks We started running BlackICE last month and it has been working nice for us. It requires a few config changes to get it to auto-block IPs that send you dictionary attacks, but it is definitely a good solution. Bill -Original Message- From: R. Scott Perry Sent: Thu, 23 Jan 2003 10:58:09 -0500 Subject: Re: [Declude.JunkMail] OT: Dictionary Attacks It seems this morning that we have several dictionary attacks happening on one of Imail servers. Is there an easy to stop the person doing this? I have looked through the log files and cannot easily spot the person(s) doing this. Is there software that will prevent people from performing Dictionary Attacks in the future? The POP3 and Delcude processes are using like 50-09% of the CPU. Let me know if there is anything I can do... Are you sure that it is a dictionary attack? If the POP3 process has higher usage than normal, then E-mails are being sent to your users (which would mean that it either isn't a dictionary attack, or a hybrid attack where they send spam as part of the dictionary attack). You might want to check the archives of the IMail Forum for ideas on how to stop a dictionary attack. Some tricks are using a nobody alias (which I believe you are), or using a product like BlackIce Server to stop it. Unfortunately, Declude can't stop these, because it doesn't have access to the TCP/IP connection (which is where it would need to be stopped). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. -- Scanned by CompBiz for Viruses http://www.CompBiz.Net. Save 15 Percent on Virus Software by visiting http://www.compbiz.net/software_mcafee.cfm for details! --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.