[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] POP3 - Denial of Service Attack



David Huecking schrieb:

Maybe use the Courier-Imap package?! The performance is much better.
...but how is this security related? :-)

On Montag 20 September 2004 15:56, Pablo Ronco wrote:

I suffered an attack to my POP3 Daemon, I'm using imap-2001a-38 as
imap and pop3 daemon. It seems that an attacker sent lots of pop3 request
causing the daemon to crash. I could not find any workaround except
filtering pop3 request from outside.

Is this problem reported anywhere, what can I do?


I use qpopper pop3-daemon, because it has some more authentificationmethodes and is more reliable.

If you want to filter, there is an iptables option for xx packets/time maybe that helps.

No debate on security relation, but this may be a brute-force hack of your pop-daemon (not a DoS even if your daemon crashes). This is sort of script-kiddie. Run TCP-dump on pop3-port and look what he's doing or watch mail-log.

Philippe

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here