Re: qpopper brute force attack



On Mon, Apr 23, 2007 at 12:31:35PM +0200, Carlos Acedo wrote:
> I have received an attack on my pop3 server qpopper, causing it
> to crash, and every time I woke up it crashed again. Eventually I
> filtered the attacker's IP with iptables.

qpopper?

you shouldn't be using qpopper, anyway. it's probably one of the
crappiest pop daemons there is. i didn't know anyone still used it. i'm
surprised it's still even in debian.

switch to dovecot or courier-pop or something decent instead. even
cucipop is many times better (hmm. how odd. qpopper is still packaged in
debian, but cucipop isn't.)

> The attacker was trying to login with usual names with many attempts
> per second (AKA brute force).

this happens all the time.  the net is a hostile environment.  it's why you
should a) choose the best available implementation of any daemon, and b) keep
it up-to-date.

and, as you did, monitor your logs and create iptables rules or whatever
as needed.

> After the attack I'm not very confident in qpopper, so are there any
> good alternatives to qpopper? What about xmail?

dunno about xmail, never used it or even heard of it before tonight.
i switched from cucipop to dovecot a few years back and have never
regretted the choice.

craig

-- 
craig sanders <cas@taz.net.au>

"In Christianity neither morality nor religion come into contact with
reality at any point."
		-- Friedrich Nietzsche
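
The log-monitoring and iptables step discussed in the message above, as an added example that is not part of the original thread: a sliding-window counter that flags source addresses with many POP3 authentication failures in a few seconds and prints a matching iptables rule. The log line format, the `popd` daemon name, the thresholds and all addresses are constructed assumptions, not qpopper's actual output.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not qpopper's real output).
_GUESSES = ["admin", "root", "test", "guest", "info", "web", "mail"]
SAMPLE_LOG = "\n".join(
    ["Apr 23 03:10:02 mail popd[2211]: auth failure user=carol rip=198.51.100.7"]
    + [f"Apr 23 03:14:{s:02d} mail popd[2211]: auth failure user={u} rip=203.0.113.45"
       for s, u in enumerate(_GUESSES, start=7)]
    + ["Apr 23 03:20:40 mail popd[2211]: auth failure user=carol rip=198.51.100.7",
       "Apr 23 03:21:00 mail popd[2211]: auth failure user=x rip=bogus"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ popd\[\d+\]: "
    r"auth failure user=(?P<user>\S+) rip=(?P<ip>\S+)$"
)

def find_offenders(log_text, max_failures=5, window=timedelta(seconds=10), year=2007):
    """Return {ip: usernames tried} for sources with > max_failures inside window."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    users = defaultdict(set)      # ip -> every username that source tried
    offenders = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            # Validate before the value can reach a firewall command line.
            ip = str(ipaddress.IPv4Address(m["ip"]))
        except ValueError:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        users[ip].add(m["user"])
        if len(q) > max_failures:
            offenders[ip] = users[ip]
    return offenders

def iptables_rules(offenders, port=110):
    """Build one DROP rule per offending source for the POP3 port."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"
            for ip in sorted(offenders)]

if __name__ == "__main__":
    print("\n".join(iptables_rules(find_offenders(SAMPLE_LOG))))
```

The address that mistyped a password twice, ten minutes apart, stays under the threshold; only the source with seven failures in six seconds gets a rule.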
