From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1OP3a2-0006Vh-2m for garchives@archives.gentoo.org; Thu, 17 Jun 2010 01:07:42 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B3B5BE0D89 for ; Thu, 17 Jun 2010 01:07:41 +0000 (UTC) Received: from mx.virtyou.com (mx.virtyou.com [94.23.166.77]) by pigeon.gentoo.org (Postfix) with ESMTP id AF5C9E089A for ; Thu, 17 Jun 2010 00:59:07 +0000 (UTC) Received: from weird.localnet (p4FF059E3.dip.t-dialin.net [79.240.89.227]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.virtyou.com (Postfix) with ESMTPSA id DD4F14A800C for ; Thu, 17 Jun 2010 02:59:07 +0200 (CEST) From: Alex Schuster To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] User & password scanning on pop3 Date: Thu, 17 Jun 2010 02:59:04 +0200 User-Agent: KMail/1.13.3 (Linux/2.6.33-tuxonice-r2; KDE/4.4.4; x86_64; ; ) References: <4C196BAB.7080308@Rods.id.au> In-Reply-To: <4C196BAB.7080308@Rods.id.au> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <201006170259.06274.wonko@wonkology.org> X-Archives-Salt: 7c36bfb3-7a90-4255-bf01-58ffc44049aa X-Archives-Hash: 0070ef4baea0f44de58a90bb12ce8bea Rod writes: > Does anyone know how to block, or auto programs in Gentoo to limit > or stop people scanning for a user/password hacking on your firewall? I am using net-analyzer/fail2ban. That can block an IP after some unsuccessful login attempts. This helps a lot, but not against bot nets, when every host tries for two times only. > Besides disabling those ports, I still need the port accessable > from the outside, and I guess they'd just try imap if pop was blocked. Could you change the port to something unusual, like 1100? Wonko