[CentOS] saslauthd attack

Thu Feb 11 04:01:06 UTC 2010
Les Bell <lesbell at lesbell.com.au>

John Hinton wrote:

>>
Yes... most of them. Just the new PITA. Anyway... I still can't seem to
figure out how to log the IP addresses for this attack.
<<

I'd use iptables to log connections on that port and then time-correlate
with the log entries from saslauthd.

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144