Hi Greg,
sorry taking so long to reply, we just had another DOS pop3 attack from
61.33.87.88 and it did exactly what you desribed, cause a bottleneck in the
PAM modules that are authenticating to the db files. So I am installing your
patch now.
Thanks
- Ernie.
>
> Hi Ernie.
>
> Have a look at the info at http://www.gregkuhnert.com/public:bq:dfix
>
> This offers a few options that may help you out with this problem.
>
> Regards,
> Greg
>
> User Ernie wrote:
> > Over the last few days there has been several POP3 attacks on our BQ(Nuonce0 mail
> > servers whereby a huge number of POP3 connections are established, I presume
> > it's a dictionary attack of some sort. The effects are serious, on 3 servers
> > clients couldn't log in with POP3 any more even though Dovecot was respoding
> > when I telnet to port 110, they all got autentication errors,a reboot was required.
> > Another machine ceased working altogether and had to be powercycled. I assume
> > it ran out of swap but it's hard to tell as the sceen blanking had kicked
> > in on the console.
> >
> > How can I protect the server against these POP3 attacks taking out POP
> > logins?
> >
> > How can I turn off the screen blanking to enable console messages.
> >
> > - Ernie.
> >
>
>