Brute force SMTP attack right now *help*
Post 302262209 by mcraul on Wednesday 26th of November 2008 03:31:39 PM

I'm currently experiencing a brute force attack on my server.

Code:
Nov 26 15:27:04 ws096 saslauthd[7071]: do_auth         : auth failure: [user=mouse] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:13 ws096 saslauthd[7071]: do_auth         : auth failure: [user=nathan] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:22 ws096 saslauthd[7072]: do_auth         : auth failure: [user=nissan] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:29 ws096 PAM_pwdb[30322]: check pass; user unknown
Nov 26 15:27:31 ws096 saslauthd[7072]: do_auth         : auth failure: [user=rebecca] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:39 ws096 saslauthd[7072]: do_auth         : auth failure: [user=shalom] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:48 ws096 saslauthd[7072]: do_auth         : auth failure: [user=smile] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:57 ws096 saslauthd[7072]: do_auth         : auth failure: [user=sparky] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:28:01 ws096 PAM_pwdb[30542]: (dovecot) session opened for user jlymburner by (uid=0)

How do I stop this? I can't find the IP the attack is coming from.
It's on a CentOS 4.x box.

Thanks!
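
Added example (not part of the original post): the saslauthd lines above carry user, service, realm and mechanism but no client address, so this sketch parses them and reports the time window in which many distinct account names failed, which is the span to look up in the mail server's own connection log. The two-minute window, the five-user threshold and the year are assumed values.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# The log lines from the post above, embedded so the example runs offline.
SAMPLE_LOG = """\
Nov 26 15:27:04 ws096 saslauthd[7071]: do_auth         : auth failure: [user=mouse] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:13 ws096 saslauthd[7071]: do_auth         : auth failure: [user=nathan] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:22 ws096 saslauthd[7072]: do_auth         : auth failure: [user=nissan] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:29 ws096 PAM_pwdb[30322]: check pass; user unknown
Nov 26 15:27:31 ws096 saslauthd[7072]: do_auth         : auth failure: [user=rebecca] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:39 ws096 saslauthd[7072]: do_auth         : auth failure: [user=shalom] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:48 ws096 saslauthd[7072]: do_auth         : auth failure: [user=smile] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:27:57 ws096 saslauthd[7072]: do_auth         : auth failure: [user=sparky] [service=smtp] [realm=] [mech=shadow] [reason=Unknown]
Nov 26 15:28:01 ws096 PAM_pwdb[30542]: (dovecot) session opened for user jlymburner by (uid=0)
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ saslauthd\[\d+\]: do_auth\s*: auth failure: (.*)$")
FIELD_RE = re.compile(r"\[(\w+)=([^\]]*)\]")

def parse_failures(text, year=2008):
    """Yield (time, fields) per saslauthd failure; syslog omits the year."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # PAM and other daemons' lines do not match and are skipped
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, dict(FIELD_RE.findall(m.group(2)))

def find_bursts(text, window=timedelta(minutes=2), min_users=5, service="smtp"):
    """Return [start, end, users] per burst of min_users+ distinct failing names."""
    bursts, recent = [], deque()
    for ts, fields in parse_failures(text):
        if fields.get("service") != service:
            continue
        recent.append((ts, fields.get("user", "")))
        while ts - recent[0][0] > window:  # drop events older than the window
            recent.popleft()
        users = {u for _, u in recent}
        if len(users) >= min_users:
            if bursts and recent[0][0] <= bursts[-1][1]:  # overlaps last burst
                bursts[-1][1] = ts
                bursts[-1][2] |= users
            else:
                bursts.append([recent[0][0], ts, users])
    return bursts

if __name__ == "__main__":
    for start, end, users in find_bursts(SAMPLE_LOG):
        print(f"{start:%b %d %H:%M:%S} to {end:%H:%M:%S}:", sorted(users))
```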
 

Authen::Simple::SMTP(3pm)    User Contributed Perl Documentation    Authen::Simple::SMTP(3pm)

NAME
    Authen::Simple::SMTP - Simple SMTP authentication

SYNOPSIS
    use Authen::Simple::SMTP;

    my $smtp = Authen::Simple::SMTP->new(
        host => 'smtp.company.com'
    );

    if ( $smtp->authenticate( $username, $password ) ) {
        # successful authentication
    }

    # or as a mod_perl Authen handler

    PerlModule Authen::Simple::Apache
    PerlModule Authen::Simple::SMTP

    PerlSetVar AuthenSimpleSMTP_host "smtp.company.com"

    <Location /protected>
        PerlAuthenHandler Authen::Simple::SMTP
        AuthType          Basic
        AuthName          "Protected Area"
        Require           valid-user
    </Location>

DESCRIPTION
    Authenticate against a SMTP service.

METHODS
    * new
        This method takes a hash of parameters. The following options are valid:

        * host
            Connection host, can be a hostname or IP number. Defaults to "localhost".

                host => 'ftp.company.com'
                host => '10.0.0.1'

        * port
            Connection port, default to 25.

                port => 25

        * timeout
            Connection timeout, defaults to 60.

                timeout => 60

        * log
            Any object that supports "debug", "info", "error" and "warn".

                log => Log::Log4perl->get_logger('Authen::Simple::SMTP')

    * authenticate( $username, $password )
        Returns true on success and false on failure.

SEE ALSO
    Authen::Simple.

    Net::SMTP.

AUTHOR
    Christian Hansen "ch@ngmedia.com"

COPYRIGHT
    This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.8.8    2008-03-01    Authen::Simple::SMTP(3pm)