Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » POP3 attack
  •  
fishtech

Messages: 620
Karma: 14
Send a private message to this user
Hi,

We have been experiencing a POP3 attack. Hundreds of different account names were tested by a bot.

I found this relevant thread from 2007 http://forums.kerio.com/index.php?t=msg&goto=42728&S =08de766de82f8f6c1692dc2d5c3f0baf&srch=pop3+blacklist#ms g_42728

In KMS 7.1.1 are there any security features that would blacklist the IP address after x failed login attempts? Is there a better way to deal with such attacks rather than blacklisting at firewall level?

Thanks,

ft.

[Updated on: Wed, 13 October 2010 20:56]

  •  
GlennK

Messages: 252
Karma: 3
Send a private message to this user
We've had this too. Not much you can do. Just wait it out. You can lockout the account after failed attempts but not the IP.
  •  
Wilco

Messages: 73
Karma: -1
Send a private message to this user
I did use a whitelist. This is because I know the IP adresses that may use POP. So it excludes all other attemps from foreign IP adresses.

Kerio Connect 9.2.3 on Windows Server 2012 R2 (dutch)
  •  
ICT and Me

Messages: 936

Karma: 53
Send a private message to this user
The use of a good firewall could help.
Then you can block the IP address even on service (POP3).

What do you think about Kerio Control? Wink

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
fishtech

Messages: 620
Karma: 14
Send a private message to this user
Thanks... I am already blocking at firewall level.

But this process is not automated. Instead I have to look through the logs, find IP addresses of the attackers and add them to my firewall.

Does Kerio Control automate this process?

ft.
  •  
ICT and Me

Messages: 936

Karma: 53
Send a private message to this user
Kerio Control can do intrusion prevention and detection.
Most of the attackers are alredy known.
And you can also make your own blacklist.

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
waz2304

Messages: 8
Karma: 0
Send a private message to this user
I have this problem also, but recently the ip address of the attacker/bot is my own ip. It's only a small network of the mail server and under 5 pc's at any one time. Should I be concerned that it is my own IP showing or is this something that is showing by mistake? Im using a prosafe firewall and kasperky small office on the server and workstations.
Previous Topic: SPAM filtering, which comes first ...
Next Topic: Kerio Connect 7.1.2 released
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Sep 24 17:50:04 CEST 2017

Total time taken to generate the page: 0.00470 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.