As I said before, you are seeing a dictionary attack, nothing else. There are
several ways to stop or reduce these, just google for dictionary attack. A
9 meg smtp log file isn't overly large, but in order to "prove" your original
theory correct, we need to see the web logs where your attacker is doing
the attacking.....

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Timothy Hunold-Cre8ive guy
Sent: Monday, February 17, 2003 12:32 AM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] imail, meltdown

ports open 21 25 80 90 110 3389 8181 8383 (now 8381)

weblogs show only inktomi (slurp)

domain in question is missbeverlyhills.com (soon to have free email service at client's request)

seems like a portsniffer was used, but i used retina from my side, both on the box and off the box for vulnerabilities. nmap, etc....

acc file from our buddy at famhosts was implemented...

as you can see, he changes ips every few minutes. today's log file is 9mb

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jason Newland
Sent: Sunday, February 16, 2003 10:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] imail, meltdown

The log file below shows that you are in the middle of your garden variety dictionary attack. You have several options to repel this...border router, .acc file, etc, but this doesn't explain your original post about webmail crashing your smtp. Can you also provide logs from your web log files...?

Jason
