[postfix-jp: 4332] SMTP認証総当たり攻撃

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[postfix-jp: 4332] SMTP認証総当たり攻撃

Yasuo FUKUDA
postfix固有の話で無いことをお許しください。

postfixのログを見ておりましたら、SMTP認証への総当たり攻撃と思われるアクセス
がありましたが皆三回で終わっております。これはfail2banのような対策をくぐり
抜けようというトレンドなのでしょうか? 皆様のSMTP認証への総当たり攻撃への
対策をお聞かせ願えれば幸いです。

Aug 31 14:59:05 server01 postfix/smtpd[28528]: warning:
186-92-225-84.genericrev.cantv.net[186.92.225.84]: SASL PLAIN
authentication failed:
Aug 31 14:59:08 server01 postfix/smtpd[28483]: warning:
1-171-128-235.dynamic.hinet.net[1.171.128.235]: SASL PLAIN authentication
failed:
Aug 31 14:59:14 server01 postfix/smtpd[28528]: warning:
186-92-225-84.genericrev.cantv.net[186.92.225.84]: SASL PLAIN
authentication failed:
Aug 31 14:59:17 server01 postfix/smtpd[28483]: warning:
1-171-128-235.dynamic.hinet.net[1.171.128.235]: SASL PLAIN authentication
failed:
Aug 31 14:59:20 server01 postfix/smtpd[28528]: warning:
186-92-225-84.genericrev.cantv.net[186.92.225.84]: SASL PLAIN
authentication failed:
Aug 31 14:59:23 server01 postfix/smtpd[28483]: warning:
1-171-128-235.dynamic.hinet.net[1.171.128.235]: SASL PLAIN authentication
failed:
Aug 31 15:02:05 server01 postfix/smtpd[28904]: warning:
unknown[123.25.71.119]: SASL PLAIN authentication failed:
Aug 31 15:02:13 server01 postfix/smtpd[28904]: warning:
unknown[123.25.71.119]: SASL PLAIN authentication failed:
Aug 31 15:02:19 server01 postfix/smtpd[28904]: warning:
unknown[123.25.71.119]: SASL PLAIN authentication failed:
Aug 31 15:17:08 server01 postfix/smtpd[28904]: warning:
unknown[116.100.122.235]: SASL PLAIN authentication failed:
Aug 31 15:17:17 server01 postfix/smtpd[28904]: warning:
unknown[116.100.122.235]: SASL PLAIN authentication failed:
Aug 31 15:17:23 server01 postfix/smtpd[28904]: warning:
unknown[116.100.122.235]: SASL PLAIN authentication failed:
Aug 31 22:30:57 server01 postfix/smtpd[6217]: warning:
179-236-243-52.user.veloxzone.com.br[179.236.243.52]: SASL PLAIN
authentication failed:
Aug 31 22:31:08 server01 postfix/smtpd[6217]: warning:
179-236-243-52.user.veloxzone.com.br[179.236.243.52]: SASL PLAIN
authentication failed:
Aug 31 22:31:15 server01 postfix/smtpd[6217]: warning:
179-236-243-52.user.veloxzone.com.br[179.236.243.52]: SASL PLAIN
authentication failed:
Sep  1 04:59:50 server01 postfix/smtpd[28814]: warning:
unknown[46.32.214.144]: SASL PLAIN authentication failed:
Sep  1 04:59:58 server01 postfix/smtpd[28814]: warning:
unknown[46.32.214.144]: SASL PLAIN authentication failed:
Sep  1 05:00:05 server01 postfix/smtpd[28814]: warning:
unknown[46.32.214.144]: SASL PLAIN authentication failed:
Sep  1 12:43:43 server01 postfix/smtpd[7913]: warning:
unknown[58.187.93.99]: SASL PLAIN authentication failed:
Sep  1 12:43:53 server01 postfix/smtpd[7913]: warning:
unknown[58.187.93.99]: SASL PLAIN authentication failed:
Sep  1 12:44:00 server01 postfix/smtpd[7913]: warning:
unknown[58.187.93.99]: SASL PLAIN authentication failed:

--
Yasuo FUKUDA (福田康夫) @chohkan.org

_______________________________________________
Postfix-jp-list mailing list
[hidden email]
http://lists.osdn.me/mailman/listinfo/postfix-jp-list