Email Server Attack

Type: Brute Force
Protocol: POP3
OS: Linux 3.6.11+ armv6l
Platform: Pi Rev. B
Memory: 512M
Daemon: Dovecot 2.1.7-7
Backend Daemon: MySQL 5.5
Backend OS: Linux 2.6.32-5-amd64
Backend Platform: Generic AMD A4-3400 APU Dual Core
Backend Memory: 3.5G
Total Attempts: 13356
Avg. Attempt/s: 2.71

Postmortem: the attacker was *unable* to authenticate as any valid user.
Attack was mitigated at the firewall (DROP).
abuse@integratelecom.com was contacted about this event.
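The attempt count and rate recorded above come from log review. As an added example (not the author's tooling), the Python below aggregates Dovecot pop3-login failures per source address, computes the attempts-per-second rate, and flags a guessing run, while also recording whether any login from that source ever succeeded, which is the check behind the "unable to authenticate" verdict. The log lines are constructed, and the Dovecot 2.x syslog line format is an assumption.

```python
import re
from datetime import datetime

# Constructed sample syslog lines in the shape Dovecot 2.x pop3-login uses for
# failed and successful logins (format assumed here, not taken from the page).
SAMPLE_LOG = """\
Mar  3 02:14:01 venus dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<alice>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
Mar  3 02:14:02 venus dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<admin>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
Mar  3 02:14:02 venus dovecot: pop3-login: Disconnected (auth failed, 2 attempts): user=<bob>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
Mar  3 02:14:03 venus dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<test>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10
Mar  3 02:14:05 venus dovecot: pop3-login: Login: user=<carol>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
Mar  3 02:14:09 venus dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=<carol>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.10
"""
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ dovecot: pop3-login: (.*)$")
FAIL_RE = re.compile(r"Disconnected \(auth failed, (\d+) attempts\): user=<([^>]*)>.*\brip=([\d.]+)")
LOGIN_RE = re.compile(r"Login: user=<([^>]*)>.*\brip=([\d.]+)")

def _record(per_ip, rip, when):
    """Fetch or create the per-IP record and widen its observed time window."""
    rec = per_ip.setdefault(rip, {"attempts": 0, "users": set(), "logins": 0, "first": when, "last": when})
    rec["first"], rec["last"] = min(rec["first"], when), max(rec["last"], when)
    return rec

def summarize(log_text, year=2013):
    """Per remote IP: failed attempts, usernames tried, successful logins, time window."""
    per_ip = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m: continue  # not a pop3-login event
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")  # syslog has no year
        fail, login = FAIL_RE.match(m.group(2)), LOGIN_RE.match(m.group(2))
        if fail:
            n, user, rip = fail.groups()
            rec = _record(per_ip, rip, when)
            rec["attempts"] += int(n)  # Dovecot may batch several tries into one line
            rec["users"].add(user)
        elif login:
            _record(per_ip, login.group(2), when)["logins"] += 1
    return per_ip

def rate(rec):
    """Failed attempts per second over the IP's window (floor of 1 s for single-line bursts)."""
    return rec["attempts"] / max(1.0, (rec["last"] - rec["first"]).total_seconds())

def flag_brute_force(per_ip, min_attempts=3, min_rate=1.0):
    """IPs whose failure volume and rate look like password guessing, as (rip, attempts,
    distinct users, successful logins). logins > 0 means check the account, not just DROP."""
    return sorted((rip, rec["attempts"], len(rec["users"]), rec["logins"])
                  for rip, rec in per_ip.items()
                  if rec["attempts"] >= min_attempts and rate(rec) >= min_rate)
```

Flagged addresses with zero successful logins match this postmortem's outcome; the thresholds are starting points and should be tuned against the server's normal failure volume.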

Database Server Build

More for my records than anyone else's, but someone may find some use for this information.

I started off by doing a standard network install of Debian Woody. After that I installed ssh and got to work.

Before doing anything else, I created a “poor man’s” disk mirror. This probably isn’t the best solution, but it works for my needs. The first step is to look at the current partition layout:

venus:/# df | grep ^/dev
/dev/hde2 1999804 100580 1899224 6% /
/dev/hde1 999868 42036 957832 5% /boot
/dev/hde5 4000088 163476 3836612 5% /usr
/dev/hde6 999868 32840 967028 4% /tmp
/dev/hde7 4000088 37680 3962408 1% /home
/dev/hde8 16028688 198940 15829748 2% /var