Re: pop3 attack


Bill Campbell wrote:
> On Tue, Dec 09, 2008, James Pifer wrote:
>> I was looking at my maillog and it looks like someone is trying to get
>> into my pop3 server. 
>>
>> Dec  9 15:28:54 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
>> Dec  9 15:29:08 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
>> Dec  9 15:29:14 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
>> Dec  9 15:29:18 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
>> Dec  9 15:29:36 mailserver dovecot: pop3-login: Aborted login: user=<alfred>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
>>
>> How worried should I be about this? Any suggestions for dealing with
>> it?
> 
> If your users all have good passwords, it isn't much to worry about, but
> then users having good passwords is not all that common.
> 
> Once the cracker finds an account with a guessable password, they may well
> be able to get access to your system as that user via ssh, webmin, usermin,
> or other means.  Given shell access, the cracker can install user-level IRC
> servers or gain root access via exploits that only work for local users.  I
> have seen cases where crackers were able to change user shells and other
> information via usermin or webmin by exploiting vulnerabilities in system
> utilities thus gaining access to the system.
> 

I saw a similar thing attacking smtp-auth (SASL) recently. The moral 
being that any service that authenticates with a username/password is 
open to brute forcing attacks - it's not just ssh we need worry about.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
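
Added example, not part of the original thread or written by any of its posters: a small Python detector run over the Dovecot lines quoted above, flagging a source address that fails logins against several different usernames within a short window. The thresholds, the function names, and the year (syslog omits it; 2008 is taken from the thread date) are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Log lines copied from the post quoted above.
SAMPLE_LOG = """\
Dec  9 15:28:54 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
Dec  9 15:29:08 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
Dec  9 15:29:14 mailserver dovecot: pop3-login: Aborted login: user=<alexis>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
Dec  9 15:29:18 mailserver dovecot: pop3-login: Aborted login: user=<alfonso>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
Dec  9 15:29:36 mailserver dovecot: pop3-login: Aborted login: user=<alfred>, method=PLAIN, rip=::ffff:66.167.184.203, lip=::ffff:192.168.1.2
"""

# "[^:]*" tolerates a parenthesised reason after "Aborted login", as some Dovecot versions log.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdovecot: (?P<svc>\S+)-login: "
    r"Aborted login[^:]*: user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)"
)

def normalize_ip(text):
    """Collapse IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4 so one host is one key."""
    ip = ipaddress.ip_address(text)
    return str(getattr(ip, "ipv4_mapped", None) or ip)

def parse(log, year=2008):
    """Yield (timestamp, source_ip, username) for each aborted-login line; skip the rest."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, normalize_ip(m["rip"]), m["user"]

def find_guessers(log, window=timedelta(minutes=5), min_attempts=5, min_users=3):
    """Return {ip: summary} for sources that trip both (assumed) thresholds in one window."""
    by_ip = defaultdict(list)
    for ts, ip, user in parse(log):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward past stale attempts
            users = {u for _, u in events[start:end + 1]}
            attempts = end - start + 1
            if attempts >= min_attempts and len(users) >= min_users:
                flagged[ip] = {"attempts": attempts, "users": sorted(users)}
                break  # the first window that trips the thresholds is enough
    return flagged
```

Counting distinct usernames as well as attempts separates a source walking a name list from a single user mistyping a password; the flagged addresses can then feed whatever blocking mechanism is in use.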
