From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-111795-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1OP3a2-0006Vh-2m
	for garchives@archives.gentoo.org; Thu, 17 Jun 2010 01:07:42 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id B3B5BE0D89
	for <garchives@archives.gentoo.org>; Thu, 17 Jun 2010 01:07:41 +0000 (UTC)
Received: from mx.virtyou.com (mx.virtyou.com [94.23.166.77])
	by pigeon.gentoo.org (Postfix) with ESMTP id AF5C9E089A
	for <gentoo-user@lists.gentoo.org>; Thu, 17 Jun 2010 00:59:07 +0000 (UTC)
Received: from weird.localnet (p4FF059E3.dip.t-dialin.net [79.240.89.227])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx.virtyou.com (Postfix) with ESMTPSA id DD4F14A800C
	for <gentoo-user@lists.gentoo.org>; Thu, 17 Jun 2010 02:59:07 +0200 (CEST)
From: Alex Schuster <wonko@wonkology.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] User & password scanning on pop3
Date: Thu, 17 Jun 2010 02:59:04 +0200
User-Agent: KMail/1.13.3 (Linux/2.6.33-tuxonice-r2; KDE/4.4.4; x86_64; ; )
References: <4C196BAB.7080308@Rods.id.au>
In-Reply-To: <4C196BAB.7080308@Rods.id.au>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <201006170259.06274.wonko@wonkology.org>
X-Archives-Salt: 7c36bfb3-7a90-4255-bf01-58ffc44049aa
X-Archives-Hash: 0070ef4baea0f44de58a90bb12ce8bea

Rod writes:

>      Does anyone know how to block, or auto programs in Gentoo to limit
> or stop people scanning for a user/password hacking on your firewall?

I am using net-analyzer/fail2ban. That can block an IP after some
unsuccessful login attempts. This helps a lot, but not against botnets,
when every host tries only twice.

>      Besides disabling those ports, I still need the port accessible
> from the outside, and I guess they'd just try imap if pop was blocked.

Could you change the port to something unusual, like 1100?

	Wonko
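
The limitation described above, as an added example that is not part of the original post: a per-IP failure threshold of the kind fail2ban applies catches a single noisy host but misses a botnet where each host tries only twice, while counting distinct source IPs per account does surface it. The log format, function names, thresholds and addresses are constructed assumptions, and all lines are treated as falling inside one time window.

```python
import re
from collections import Counter, defaultdict

# Constructed log format (an assumption, not any specific daemon's real output).
LINE_RE = re.compile(r"auth failed user=<(?P<user>[^>]*)> rip=(?P<ip>\S+)")


def parse(lines):
    """Yield (user, ip) for each failed-login line; ignore everything else."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m.group("user"), m.group("ip")


def per_ip_offenders(events, maxretry=3):
    """Per-IP rule: flag an IP once it reaches maxretry failures."""
    counts = Counter(ip for _, ip in events)
    return {ip for ip, n in counts.items() if n >= maxretry}


def distributed_targets(events, min_sources=5):
    """Complementary rule: flag an account that failed from many distinct IPs."""
    sources = defaultdict(set)
    for user, ip in events:
        sources[user].add(ip)
    return {user for user, ips in sources.items() if len(ips) >= min_sources}


def sample_log():
    """Constructed sample: one noisy host, plus 6 hosts trying 'rod' twice each."""
    lines = ["pop3-login: auth failed user=<admin> rip=203.0.113.9"] * 4
    for host in range(1, 7):
        lines += [f"pop3-login: auth failed user=<rod> rip=198.51.100.{host}"] * 2
    # A successful login must not be counted as a failure.
    lines.append("pop3-login: login ok user=<rod> rip=192.0.2.10")
    return lines


if __name__ == "__main__":
    events = list(parse(sample_log()))
    print("per-IP bans:", per_ip_offenders(events))
    print("accounts under distributed guessing:", distributed_targets(events))
```

The second rule identifies the targeted account rather than an address to ban, so it suits alerting or a temporary lock on that account instead of a firewall rule.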