[CentOS] Dovecot under brute force attack - nice attacker

Tue Jun 2 15:31:20 UTC 2009
Kai Schaetzl <maillists at conactive.com>

Henry ritzlmayr wrote on Tue, 02 Jun 2009 14:51:23 +0200:

> ->Only the last try gets logged.

can't reproduce this. The following was done in one connection to 
localhost.

Jun  2 17:09:10 d01 dovecot-auth: pam_unix(dovecot:auth): check pass; user 
unknown
Jun  2 17:09:10 d01 dovecot-auth: pam_unix(dovecot:auth): authentication 
failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:127.0.0.1
Jun  2 17:09:10 d01 dovecot-auth: pam_succeed_if(dovecot:auth): error 
retrieving information about user bongo

Jun  2 17:09:30 d01 dovecot-auth: pam_unix(dovecot:auth): check pass; user 
unknown
Jun  2 17:09:30 d01 dovecot-auth: pam_unix(dovecot:auth): authentication 
failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:127.0.0.1
Jun  2 17:09:30 d01 dovecot-auth: pam_succeed_if(dovecot:auth): error 
retrieving information about user bongo2


Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com