Mailing List CGatePro@mail.stalker.com Message #92590
From: John Rudd <jrudd@ucsc.edu>
Subject: Re: Speaking of CGP and Spam....
Date: Wed, 12 Sep 2007 10:49:20 -0700
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Dave Pooser wrote:
Turns out that in Settings -> Obscure -> Login Security, we were
suspending accounts that had 15 failed logins within one minute, so the
attacker was trying different passwords for this account and it was
locked.  I found his IP and I locked him in the firewall.

One of the advantages of running a corporate mail server is I know where my
users are and where they're not likely to be. So years ago I blocked all of
APNIC space and most of eastern Europe at the POP and IMAP listeners. If I
have a user traveling to Asia or Australia I'll unblock them (or give them
an alternate port) but it stopped the attacks coming from China and Korea
and Ukraine and Russia and....

(Yes, I could block even more attacks if I blocked US IP space, but my guys
actually spend time here. Not so other continents, usually.)


Would you mind sharing what those blocked IP ranges are?  (and what each range corresponds to, so "these are the APNIC ones", and "these are the Eastern Europe ones", etc.)

(if you don't want to share it publicly, that's fine, I'd be happy to hear it off list)

I'm thinking about blocking some of those same ranges.
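
Added example, not part of the original message or of CommuniGate Pro: a sliding-window check that reproduces the lockout rule quoted above (15 failed logins within one minute) over a log and reports which source IPs drove each lockout. The log line format, the account names and the addresses are constructed assumptions, not CommuniGate Pro's real log format.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 15                 # failed logins, per the setting quoted in the thread
WINDOW = timedelta(minutes=1)  # counted within one minute

def parse(line):
    """Assumed format: '<ISO time> LOGIN_FAILED account=<name> ip=<addr>'."""
    parts = line.split()
    if len(parts) != 4 or parts[1] != "LOGIN_FAILED":
        return None                      # ignore unrelated log lines
    return (datetime.fromisoformat(parts[0]),
            parts[2].partition("=")[2], parts[3].partition("=")[2])

def find_lockouts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {account: {source_ip: failures}} for accounts reaching the threshold.

    Lines must be in time order. The per-IP counts show which addresses
    drove the lockout, i.e. the candidates for a firewall rule.
    """
    recent = defaultdict(deque)          # account -> (time, ip) inside the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, account, ip = rec
        q = recent[account]
        q.append((ts, ip))
        while ts - q[0][0] > window:     # expire failures older than the window
            q.popleft()
        if len(q) >= threshold and account not in flagged:
            flagged[account] = dict(Counter(src for _, src in q))
    return flagged

def sample_log():
    """Constructed sample data using documentation-range IPs, not real logs."""
    t0 = datetime(2007, 9, 12, 10, 0, 0)
    row = "{} LOGIN_FAILED account={} ip={}".format
    fast = [row((t0 + timedelta(seconds=4 * i)).isoformat(), "alice", "203.0.113.7")
            for i in range(15)]          # 15 failures in 56 s: trips the rule
    slow = [row((t0 + timedelta(seconds=10 * i)).isoformat(), "carol", "198.51.100.20")
            for i in range(15)]          # 15 failures over 140 s: stays under it
    return sorted(fast + slow)           # ISO timestamps sort chronologically

if __name__ == "__main__":
    for account, sources in find_lockouts(sample_log()).items():
        print(account, sources)
```

The slower run against the second account never trips the per-minute rule, which is the gap a listener-level address block covers.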


