[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ossec-list] Suse 10.1 pop3d

To: ossec-list@xxxxxxxxx
Subject: [ossec-list] Suse 10.1 pop3d
From: web3p1@xxxxxxxxxxxxxxx
Date: Mon, 08 Oct 2007 19:46:22 +0200
Authentication-results: mx.google.com; spf=pass (google.com: domain of web3p1@xxxxxxxxxxxxxxx does not designate 66.249.90.178 as permitted sender) smtp.mail=ossec-list+caf_=ossec-list=googlegroups.com@xxxxxxxxx
Authentication-results: mx.google.com; spf=pass (google.com: domain of web3p1@xxxxxxxxxxxxxxx designates 87.106.137.58 as permitted sender) smtp.mail=web3p1@xxxxxxxxxxxxxxx

ossec in general works, but i didnt get the brutefore attack stopped  
for pop3d with ossec. Has someone a actual ossec config/rule set for  
pop3d running on Suse 10.1 or give me some hints.

I got the following messages from ossec
Rule: 40111 fired (level 10) -> "Multiple authentication failures."

---my logentrys looks like:
Oct 8 17:59:06 plesk pop3d: IMAP connect from @  
[xxx.xxx.xxx.xxx]checkmailpasswd: FAILED: mika - no such user from @  
[xxx.xxx.xxx.xxx]DEBUG: Connection, ip=[yyy.yyy.yyy.yyy]

Oct 8 17:59:43 plesk pop3d: IMAP connect from @  
[xxx.xxx.xxx.xxx]checkmailpasswd: FAILED: mika - no such user from @  
[xxx.xxx.xxx.xxx]ERR: LOGIN FAILED, ip=[xxx.xxx.xxx.xxx]
---

thanks
Brujo

Prev by Date: [ossec-list] Centralized configuration on the server side
Next by Date: [ossec-list] Re: Problem on email notification
Previous by thread: [ossec-list] Re: Centralized configuration on the server side
Next by thread: [ossec-list] Re: Problem on email notification
Index(es):
- Date
- Thread

OSSEC home | Main Index | Thread Index

OSSEC project: www.ossec.net.
Mailling list information: http://www.ossec.net/en/mailing_lists.html.