Article 11742 at 08/01/19 01:53:56 From: greg.kuhnert (at mark) theanchoragesylvania.com Subject: [coba-e:11742] Re: POP3 DOS attack

Index: [Article Count Order] [Thread]

Date:  Sat, 19 Jan 2008 17:53:06 +1100
From:  Greg Kuhnert <greg.kuhnert (at mark) theanchoragesylvania.com>
Subject:  [coba-e:11742] Re: POP3 DOS attack
To:  User Ernie <ernie (at mark) info.eis.net.au>
Cc:  coba-e (at mark) bluequartz.org
Message-Id:  <47919E52.4070809 (at mark) theanchoragesylvania.com>
In-Reply-To:  <200801182159.m0ILxs6M059843 (at mark) info.eis.net.au>
References:  <200801182159.m0ILxs6M059843 (at mark) info.eis.net.au>
X-Mail-Count: 11742

Hi Ernie.

Have a look at the info at http://www.gregkuhnert.com/public:bq:dfix

This offers a few options that may help you out with this problem.

Regards,
Greg

User Ernie wrote:
> Over the last few days there has been several POP3 attacks on our BQ(Nuonce0  mail
> servers whereby a huge number of POP3 connections are established, I presume
> it's a dictionary attack of some sort. The effects are serious, on 3 servers
> clients couldn't log in with POP3 any more even though Dovecot was respoding
> when I telnet to port 110, they all got autentication errors,a reboot was required. 
> Another machine ceased working altogether and had to be powercycled. I assume 
> it ran out of swap but it's hard to tell as the sceen blanking had kicked 
> in on the console.
>
> How can I protect the server against these POP3 attacks taking out POP
> logins?
>
> How can I turn off the screen blanking to enable console messages.
>
> - Ernie.
>