Brute-force protection for your POP3 server. Stop dictionary-based attacks on POP3.
RdpGuard
Intrusion prevention system for your Windows Server
 
Follow:
Like:
Share:

POP3 Brute-Force Protection.

The Post Office Protocol (POP) is an application-layer protocol used by e-mail clients to retrieve e-mail from a server.

The very first version of the protocol (POP1) was described in RFC 918 in 1984. One year later, in 1985, the second version of the protocol (POP2) was introduced by RFC 937. POP version 3 (POP3) is the most recent version of the protocol was originated with RFC 1081 in 1988.

During the last 10 years POP3 has been superseded by the Internet Message Access Protocol (IMAP). But, after 30 years of the introduction, POP3 is still used on many servers around the globe.

The protocol was the subject of interest from the hackers and security experts many times. In result, multiple tools for POP3 brute-forcing are freely available on the Internet.

If POP3 ports are open on your server, you may notice repeating entries in your logs like below:

"POP3D"	"SENT: +OK POP3"
"POP3D"	"RECEIVED: CAPA"
"POP3D"	"SENT: +OK CAPA list follows[nl]USER[nl]UIDL[nl]TOP[nl]."
"POP3D"	"RECEIVED: USER bob"
"POP3D"	"SENT: +OK Send your password"
"POP3D"	"RECEIVED: PASS ***"
"POP3D"	"SENT: -ERR Invalid user name or password."
"POP3D"	"RECEIVED: USER alice"
"POP3D"	"SENT: +OK Send your password"
"POP3D"	"RECEIVED: PASS ***"
"POP3D"	"SENT: -ERR Invalid user name or password."
"POP3D"	"RECEIVED: USER joe"
"POP3D"	"SENT: +OK Send your password"
"POP3D"	"RECEIVED: PASS ***"
"POP3D"	"SENT: -ERR Invalid user name or password."
"POP3D"	"SENT: +OK POP3"
"POP3D"	"RECEIVED: CAPA"
"POP3D"	"SENT: +OK CAPA list follows[nl]USER[nl]UIDL[nl]TOP[nl]."
"POP3D"	"RECEIVED: USER office"
"POP3D"	"SENT: +OK Send your password"
"POP3D"	"RECEIVED: PASS ***"
"POP3D"	"SENT: -ERR Invalid user name or password."
"POP3D"	"RECEIVED: USER fax"
"POP3D"	"SENT: +OK Send your password"
"POP3D"	"RECEIVED: PASS ***"
"POP3D"	"SENT: -ERR Invalid user name or password.
"POP3D"	"RECEIVED: USER reception"
"POP3D"	"SENT: +OK Send your password"
"POP3D"	"RECEIVED: PASS ***"
"POP3D"	"SENT: -ERR Invalid user name or password."

These attempts usually mean brute-force attack on your POP3 server. They waste your server's resources - bandwidth, RAM, CPU and free disk space.

If some of your POP3 users have weak passwords, attackers may succeed and get access to the user's mailbox.

RdpGuard effectively protects your POP3 server from brute-force attacks.

RdpGuard works with POP3 ports or logs on your server to detect failed login attempts. If the number of failed login attempts from a single IP address reaches a set limit, the attacker's IP address will be blocked.

For Windows XP, Vista, 7, 8, 8.1, 10 and Windows Server 2003 (R2), 2008 (R2), 2012 (R2), 2016

See Also

How to enable and configure POP3 Brute-Force Protection

RdpGuard 5.4.9 Free Trial

RdpGuard protects:

Social Connection
RdpGuard Logo
 
People like RdpGuard!
Our Other Products
FastGlacier
Windows Client for Amazon Glacier - new low-cost storage for data archiving and backup.
Copyright © 2012-2018 NetSDK Software. All rights reserved.  Terms of Use.  Privacy Policy.