Host attempting to log in constantly via POP3

From: Alan Baker (alanwbaker_at_yahoo.com)
Date: 02/29/04


Date: 29 Feb 2004 14:37:00 -0800

Hello,

My logs show some computer attempting to log into my Linux server via
POP3 every 5-10 seconds using the same userid. Apparently they do not
have the password so the attempts always fail. There have been about
100,000 attempts this month.

The IP address changes about every 10 minutes, but each is a
dsl.snfc21.pacbell.net address. So I suspect it is logging on then
off a PPPoE connection.

When I run nmap -v -sS -O -F <ipaddress>, all ports show filtered.
The login attempts stop during the nmap run then resume when the run
is complete.

Q: Do you have any suggestions on blocking or identifying this
computer?

  Alan

