Brute Force Dictionary Attack on Dovecot

From Free Knowledge Base- The DUCK Project: information for everyone
Revision as of 23:17, 6 February 2014 by Admin (Talk | contribs)

In a brute force dictionary attack, a remote host attempts to connect using common phrases for the username and password, trying combinations as fast as possible until either a match grants entry or the overloaded system experiences an overflow resulting in a breach.

The most common brute force dictionary attack against Dovecot takes the form of continuous connections to port 25, the port that listens for incoming mail and for connections from clients attempting to send mail.

ENTRIES FROM: secure (log)

Dec 27 03:50:35 lvps83 saslauthd[6120]: do_auth : auth failure: [user=james] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Dec 27 03:50:35 lvps83 saslauthd[6122]: do_auth : auth failure: [user=james] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]

The above lines are from saslauthd; there must be lines from postfix as well, and those contain the IP address of the attacker.
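One way to pair the two kinds of lines and tally failures per user name and per client IP, as an added example that is not part of the original page. The log lines are constructed, the postfix line shape (`warning: host[ip]: SASL LOGIN authentication failed`) is assumed to be postfix's usual SASL failure warning, and the function names and the threshold of 3 are hypothetical.

```python
import re
from collections import Counter

# Constructed sample (not real log data); IPs are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Dec 27 03:50:35 lvps83 postfix/smtpd[6100]: connect from unknown[203.0.113.7]
Dec 27 03:50:35 lvps83 saslauthd[6120]: do_auth : auth failure: [user=james] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Dec 27 03:50:35 lvps83 postfix/smtpd[6100]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Dec 27 03:50:36 lvps83 saslauthd[6122]: do_auth : auth failure: [user=james] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Dec 27 03:50:36 lvps83 postfix/smtpd[6100]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Dec 27 03:50:37 lvps83 saslauthd[6120]: do_auth : auth failure: [user=admin] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Dec 27 03:50:37 lvps83 postfix/smtpd[6100]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Dec 27 04:10:02 lvps83 saslauthd[6122]: do_auth : auth failure: [user=bob] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
Dec 27 04:10:02 lvps83 postfix/smtpd[6131]: warning: mail.example.org[198.51.100.20]: SASL PLAIN authentication failed: authentication failure
"""

# saslauthd reports the attempted user name but no client address.
SASLAUTHD_FAIL = re.compile(
    r"saslauthd\[\d+\]: do_auth\s*:\s*auth failure: \[user=([^\]]*)\] \[service=smtp\]")
# postfix/smtpd logs the client as name[ip] on the matching SASL failure (assumed format).
POSTFIX_FAIL = re.compile(
    r"postfix/smtpd\[\d+\]: warning: \S*\[([0-9A-Fa-f.:]+)\]: SASL \S+ authentication failed")


def summarize(lines):
    """Count failed SMTP logins per user name and per client IP."""
    users, ips = Counter(), Counter()
    for line in lines:
        m = SASLAUTHD_FAIL.search(line)
        if m:
            users[m.group(1)] += 1
            continue
        m = POSTFIX_FAIL.search(line)
        if m:
            ips[m.group(1)] += 1
    return users, ips


def offenders(ips, threshold=3):
    """Client IPs with at least `threshold` failures: candidates for blocking."""
    return sorted(ip for ip, n in ips.items() if n >= threshold)


if __name__ == "__main__":
    users, ips = summarize(SAMPLE_LOG.splitlines())
    print("users tried:", dict(users))
    print("failures per IP:", dict(ips))
    print("over threshold:", offenders(ips))
```

On a real host the postfix lines may be written to a different file than the saslauthd lines, so both files need to be fed to `summarize`.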