On Fri, Aug 15, 2008 at 06:43:30PM -0300, Eduardo M KALINOWSKI wrote:
Charles Marcus wrote:
Dictionary attacks are a fact of life these days.
Just install some kind of blocking on your firewall (fail2ban is a good one), and let it take care of the worst of it..
I wonder what they want by cracking a POP3 server. Read the user's mails? It's true POP3 passwords are almost always equal to SMTP ones (which is useful for spamming), but then why not try to crack the SMTP server directly?
One reason is so that they can get SMTP AUTH information and then sell the username/password pairs to spammers.
Open relays are much more rare nowadays, so having a legitimate pre-existing account that can be used for outbound spam is worth much more than opening a new hotmail or gmail account. Especially through smaller ISPs that may not have adequate outbound mail rate-limits in place.
A single hijacked mail account through a small ISP without rate-limits can be used to send an incredible amount of spam before it's caught.
-- Dean Brooks dean@iglou.com