ietf-smtp

Re: [ietf-smtp] [Shutup] Levels of proposals

2015-12-06 23:23:32
On Fri, Dec 04, 2015 at 11:18:21AM -0800, Ned Freed wrote:
I even see it on my home system. It kind of amazes me that my little box is
seen as a target worth spending time banging on, but my logs show ~12,000
password guessing attempts in the last 12 hours. (It's all coming from Hong
Kong, the IPs doing it are in the SBL, and it seems to be driven on a generic
list of likely account names, not anything more targeted.)

Do you expect to ever see a valid authentication from Hong Kong?

If not, then why not firewall it out?

As long as it's not affecting network or system performance - and it isn't -
it's not worth the bother. In fact I'd rather know what the attackers are up
to. Of course this is just me; YMMV.

I do occasionally get hammered, but that's usually just unauthenticated
SMTP traffic. In those cases I put in a block.

The overwhelming majority of operations see locality of authentication:
that is, they see legitimate/successful attempts from the country they
operate in, or from perhaps a few countries.  (Obviously this is not
true of huge operations or of multinationals or anything like that.
But while those are prominent, they're also only a small fraction of
"all operations".  Joe's Donuts in Dubuque will never see a valid SMTP
AUTH request from Dubai.)

Sure.

For such operations, it's useful to block everything and then just
allow traffic from the country (or handful of countries) that are known
a priori to originate valid attempts.  ipdeny.com has the appropriate
ranges and is updated regularly.

Good to know.

                                Ned

_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
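
Added example, not part of the original message: a dry run of the country allowlist discussed in the thread, replayed over existing logs to show which guessing attempts it would drop, which failures would remain, and which successful logins it would break. It assumes a one-CIDR-per-line zone file and Postfix-style smtpd log lines; the sample data and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed allowlist, one CIDR per line (layout assumed for a country zone
# file); RFC 5737 documentation ranges stand in for real country data.
ALLOWED_ZONE = """\
# constructed sample
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24
"""

# Constructed log lines written in the style of Postfix smtpd SASL messages.
SAMPLE_LOG = """\
Dec  6 10:00:01 mx postfix/smtpd[101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed
Dec  6 10:00:02 mx postfix/smtpd[101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed
Dec  6 10:00:05 mx postfix/smtpd[102]: warning: unknown[192.0.2.200]: SASL PLAIN authentication failed
Dec  6 10:01:00 mx postfix/smtpd[103]: 4A1B2C: client=unknown[198.51.100.20], sasl_method=PLAIN, sasl_username=alice
Dec  6 10:02:00 mx postfix/smtpd[104]: 4A1B2D: client=unknown[203.0.113.50], sasl_method=PLAIN, sasl_username=bob
"""

FAILED = re.compile(r"\[([0-9A-Fa-f.:]+)\]: SASL \S+ authentication failed")
SUCCESS = re.compile(r"client=\S*\[([0-9A-Fa-f.:]+)\], sasl_method=\S+ sasl_username=(\S+)")

def load_zone(text):
    """Parse one-CIDR-per-line text and merge adjacent or overlapping ranges."""
    entries = (line.split("#")[0].strip() for line in text.splitlines())
    nets = [ipaddress.ip_network(e, strict=False) for e in entries if e]
    merged = []
    for ver in (4, 6):  # collapse_addresses rejects mixed IP versions
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == ver)
    return merged

def allowed(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)

def dry_run(log_text, nets):
    """Report what enforcing the allowlist would do to traffic already logged."""
    dropped = Counter()    # guessing attempts the filter would remove
    residual = Counter()   # failures from allowed ranges that still get through
    locked_out = {}        # user -> source IP of a valid login that would break
    for line in log_text.splitlines():
        if (m := FAILED.search(line)):
            (residual if allowed(m[1], nets) else dropped)[m[1]] += 1
        elif (m := SUCCESS.search(line)) and not allowed(m[1], nets):
            locked_out[m[2]] = m[1]
    return dropped, residual, locked_out

if __name__ == "__main__":
    for part in dry_run(SAMPLE_LOG, load_zone(ALLOWED_ZONE)):
        print(dict(part))
```

A non-empty third result means the allowlist is missing a range that legitimate users authenticate from, so it should be widened before the block is enforced.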