Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Brute force SMTP attack right now *help*
Top Forums UNIX for Advanced & Expert Users Brute force SMTP attack right now *help* Post 302262221 by chatwizrd on Wednesday 26th of November 2008 04:36:45 PM
Old 11-26-2008
netstat -na | grep 587

This should tell you all connections on the saslauthd. If they are the same ip address you can just block it. If they are different you might have to make a script or something to block them.
 

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Apache brute force attack

Hi, I'm trying find out if there is a way to stop a brute force attack on a Webmail site. I'm trying to setup a webmail access, but I would like to prevent too many invalid logins from the same IP. I've looked into Snort, but I was wondering if there was an application level firewall that can... (1 Reply)
Discussion started by: nitin
1 Replies

2. Cybersecurity

What I think is a DoS attack

About 3 days ago our Apache logs started filling with the following errors: mod_ssl: SSL handshake failed (server <weberver>:443, client 41.235.234.172) (OpenSSL library error follows) OpenSSL: error:1408A0B7:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers specified These initially were... (1 Reply)
Discussion started by: ccj4467
1 Replies

3. Cybersecurity

Found attack from

Hi, I have a belkin router installed and a look at the security log has got me worried a little bit. Security log: Fri Jan 29 20:41:46 2010 =>Found attack from 68.147.232.199. Source port is 58591 and destination port is 12426 which use the TCP protocol. Fri Jan 29 20:41:46 2010 ... (1 Reply)
Discussion started by: jld
1 Replies

4. Cybersecurity

Network attack - so what?

In my logs I find entries about attacks on my system. I know IP addresses, I know date and time and I know what they tried to do. So what's the best I can do now? Tell everybody that there are cybercriminals on that network? Write an email to their admin? Anything else? (10 Replies)
Discussion started by: Action
10 Replies

5. Cybersecurity

UUCP attack?

Is this an attack attempt? I got an e-mail from 'uucp Admin' last night and again this morning: What does it mean and what can I do about it? Thanks (4 Replies)
Discussion started by: ctafret
4 Replies

6. Cybersecurity

DDoS and brute force attack

How to protect DDoS and brute force attack. I want to secure my server and block attacker. (1 Reply)
Discussion started by: romanepo
1 Replies

7. Shell Programming and Scripting

Expect script that simulates a SSH brute force attack

I want to test the effectiveness of sshguard on some of my systems so I'm trying to write a script that simulates a brute force attack by sending a bunch of different username and password combinations to the servers being tested. So far I have this: #!/usr/local/bin/expect set timeout 3... (5 Replies)
Discussion started by: ph0enix
5 Replies

8. Emergency UNIX and Linux Support

DDOS attack please help!

Dear community, my site was recently attacjed by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql. I identified the IPs who attack me and block it through iptable firewall from debian. Something like: iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP This... (7 Replies)
Discussion started by: Lord Spectre
7 Replies

LEARN ABOUT CENTOS

smtptest

SMTPTEST(1)						      General Commands Manual						       SMTPTEST(1)

 *

NAME

       smtptest - interactive SMTP test program

SYNOPSIS

       smtptest [ -t keyfile ] [ -p port ] [ -m mechanism ]
		[ -a userid ] [ -u userid ] [ -k num ] [ -l num ]
		[ -r realm ] [ -f file ] [ -n num ] [ -s ] [ -c ]
		[ -i ] [ -o option=value ] [ -v ] hostname

DESCRIPTION

       smtptest  is  a utility that allows you to authenticate to a SMTP server and interactively issue commands to it. Once authenticated you may
       issue any SMTP command by simply typing it in. It is capable of multiple SASL  authentication  mechanisms  and  handles	encryption  layers
       transparently. This utility is often used for testing the operation of a smtp server. Also those developing SMTP clients find it useful.

OPTIONS

       -t keyfile
	      Enable  TLS.   keyfile  contains	the  TLS  public and private keys.  Specify "" to negotiate a TLS encryption layer but not use TLS
	      authentication.

       -p port
	      Port to connect to. If left off this defaults to smtp as defined in /etc/services.

       -m mechanism
	      Force smtptest to use mechanism for authentication. If not specified the strongest authentication mechanism supported by the  server
	      is chosen.

       -a userid
	      Userid  to use for authentication; defaults to the current user.	This is the userid whose password or credentials will be presented
	      to the server for verification.

       -u userid
	      Userid to use for authorization; defaults to the current user.  This is the userid whose identity will be assumed after  authentica-
	      tion.  NOTE: This is only used with SASL mechanisms that allow proxying (e.g. PLAIN, DIGEST-MD5).

       -k num Minimum protection layer required.

       -l num Maximum  protection  layer to use (0=none; 1=integrity; etc).  For example if you are using the KERBEROS_V4 authentication mechanism
	      specifying 0 will force smtptest to not use any layer and specifying 1 will force it to use the integrity  layer.   By  default  the
	      maximum supported protection layer will be used.

       -r realm
	      Specify the realm to use. Certain authentication mechanisms (e.g. DIGEST-MD5) may require one to specify the realm.

       -f file
	      Pipe file into connection after authentication.

       -n num Number  of  authentication  attempts;  default  =  1.   The client will attempt to do SSL/TLS session reuse and/or fast reauth (e.g.
	      DIGEST-MD5), if possible.

       -s     Enable SMTP over SSL (smtps).

       -c     Enable challenge prompt callbacks.  This will cause the OTP mechanism to ask for the the one-time password  instead  of  the  secret
	      pass-phrase (library generates the correct response).

       -i     Don't send an initial client response for SASL mechanisms, even if the protocol supports it.

       -o option=value
	      Set the SASL option to value.

       -v     Verbose. Print out more information than usual.

SEE ALSO

       sendmail(8)

CMU
								   Project Cyrus						       SMTPTEST(1)
All times are GMT -4. The time now is 03:59 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy