Connection throttling POP3.

Robert Banz banz at
Mon May 21 23:12:56 EDT 2007

On May 21, 2007, at 21:50, Daniel O'Connor wrote:

> On Tuesday 22 May 2007 05:10, Matthew Schumacher wrote:
>> I'm getting some spammer trying to guess usernames and passwords:
> I use the following to protect my SSH server (well not the SSH server
> per se, just me reading logfiles the next day)
> Needs PF though.

I take the approach of having a perl script (yay! File::Tail) sit and  
watch the logs on each server looking for signs of ssh (could easily  
be used for other things like pop as well) brute force attacks.  A  
certain # of failed logins in a time window from a single IP will  
cause that IP to get blocked by ipfilter for an appropriate period of  
time, after which the block is removed.  This stops most of your  
brute-force guessers; after a few tries of having their packets end  
up on the floor, they go away.


More information about the Info-cyrus mailing list