Re: SMTP server account probing

From: Alexander Bochmann (bochmannat_private)
Date: Wed Mar 10 1999 - 12:42:44 PST

Next message: Keith Piepho: "Re: Digital Unix 4 protected password database."

Previous message: Ed Arnold: "Re: 64 bit Solaris procfs bug"
Maybe in reply to: Brett Glass: "SMTP server account probing"
Next in thread: typoat_private: "Re: SMTP server account probing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

...on Tue, Mar 09, 1999 at 04:16:13PM -0600, Scott Fendley wrote:

 > Couldn't you just compile sendmail with tcp_wrapper support, and have a
 > script parsing your logs so that if someone manages to get n # of pokes at
 > your system then their Ip address and/or DNS server will be placed in the
 > hosts.deny.

Perhaps Spamshield could be enhanced to solve this problem.

http://www.abest.com/~kai/spamshield.html

Even if the detection is adapted, it would probably only work after the first
attack though, as it seems sendmail doesn't log the attacking hosts name
before the connection is closed when no data is sent.

Alex.

Next message: Keith Piepho: "Re: Digital Unix 4 protected password database."
Previous message: Ed Arnold: "Re: 64 bit Solaris procfs bug"
Maybe in reply to: Brett Glass: "SMTP server account probing"
Next in thread: typoat_private: "Re: SMTP server account probing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:38:50 PDT