On Jun 4, 2013 9:00 AM, "Tim Daneliuk" <[email protected]> wrote: > > I am seeing login dictionary attacks on a FreeBSD mail server being > reported. Is there a way to determine the IPs that are doing this > so they can be blocked at the firewall? auth.log only > notes the attempted user name, not the IP of origin. > -- > ----------------------------------------------------------------------- > Tim Daneliuk > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " [email protected]"
On Jun 4, 2013 9:00 AM, "Tim Daneliuk" <[email protected]> wrote: > > I am seeing login dictionary attacks on a FreeBSD mail server being > reported. Is there a way to determine the IPs that are doing this > so they can be blocked at the firewall? auth.log only > notes the attempted user name, not the IP of origin. > -- > ----------------------------------------------------------------------- > Tim Daneliuk > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " [email protected]" one idea is to run auth on a different service / machine on a non-standard port, that at least cuts down the noise from "non-targetted" scans. Waitman Gobble San Jose California USA _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
