
dovecot bruteforce attack 무차별 대입공격

LINUX
작성자
nstor
작성일
2016-08-12 03:21
[root@xxx]# ps -ef|grep pop3 | wc -l
130

메일 사용자가 많지 않은데도 pop3 관련 프로세스가 130개나 떠 있다. 무차별 대입 공격으로 인한 로그인 시도로 보여 fail2ban으로 차단한다.

[root@xxx]# yum install epel-release // 기본 저장소에서는 fail2ban 패키지 설치가 안 돼서 저장소 추가
[root@xxx]# yum install fail2ban // 설치
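[root@xxx]# vi /etc/fail2ban/filter.d/dovecot-pop3imap.conf // 생성 후 아래 내용을 입력
[Definition]
failregex = (?: pop3-login|imap-login): (?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
ignoreregex =

※ 괄호 앞의 역슬래시(\( )와 \S 의 역슬래시가 빠지면 정규식이 올바르게 동작하지 않는다. 적용 전에 fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/dovecot-pop3imap.conf 로 필터가 실제 로그의 인증 실패 줄과 일치하는지 확인하는 것이 좋다.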

[root@xxx]# vi /etc/fail2ban/jail.conf // 아래 내용을 추가 (jail.conf는 패키지 업데이트 시 덮어써질 수 있으므로 jail.local에 추가하는 편이 안전)

[dovecot-pop3imap]
enabled = true
filter = dovecot-pop3imap
# pop3s/imaps(995/993)도 서비스 중이면 port에 함께 지정해야 해당 포트에서도 차단된다
action = iptables-multiport[name=dovecot-pop3imap, port="pop3,imap", protocol=tcp]
logpath = /var/log/maillog
maxretry = 20
findtime = 1200
bantime = 1200

[root@xxx]# /etc/init.d/fail2ban start
Starting fail2ban: [  OK  ]
[root@xxx]#  /etc/init.d/dovecot restart
Stopping Dovecot Imap: [  OK  ]
Starting Dovecot Imap: [  OK  ]
[root@xxx]#  ps -ef|grep pop3| wc -l
4