Am Donnerstag, 8. Januar 2015, 14:20:27 schrieb Jerry Stuckle: > As for the attacks - I've seen a big uptake in the attacks over the last > couple of weeks. The worst I've seen is > 100 IP's locked out in one 24 > hour period. They are coming from all over the world, although since > there are a lot of proxies (many of them from trojans/viruses installed > on unsuspecting machines), there's no easy way to tell what the real > origins are.
Okay, as for the dovecot logs, yes there are more. People try to hack it. Also from China some. And there are even people who try more than plaintext: Jan 5 22:25:40 mondschein dovecot: pop3-login: Disconnected (no auth attempts in 5 secs): user=<>, rip=66.240.236.119, lip=[…], TLS: SSL_read() syscall failed: Connection reset by peer, TLSv1.2 with cipher DHE-RSA-AES256-GCM- SHA384 (256/256 bits) Jan 5 22:25:40 mondschein dovecot: pop3-login: Disconnected (no auth attempts in 10 secs): user=<>, rip=66.240.236.119, lip=[…], TLS: Disconnected, TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits) but then don´t even try to authentificate. So, of course, you need to be careful about passwords with password based services. -- Martin 'Helios' Steigerwald - http://www.Lichtvoll.de GPG: 03B0 0D6C 0040 0710 4AFA B82F 991B EAAC A599 84C7 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/8029236.eVnGfnYuZB@merkaba
