POP3 Brute-Force Protection
POP3 Protection Overview
RdpGuard protects your POP3 server from
brute-force attacks.
It works with POP3 ports or logs on your server to detect and block attacker's IP addresses when the number of failed login
attempts from the single IP address reaches a set limit.
Check the instructions below to learn how to enable and configure POP3 protection.
To Enable and Configure POP3 Protection
Start RdpGuard Dashboard and click on the link next to POP3
POP3 Protection Link in RdpGuard Dashboard
The POP3 Settings dialog will open:
POP3 Detection Engine Settings
Monitoring method for POP3 protocol
The following monitoring methods are supported for POP3 protocol:
Log based monitoring
The default option recommended for POP3 monitoring is through Logs. This method involves monitoring logs
of a specific POP3 server and is more efficient in terms of resource usage compared to
monitoring network traffic.
Moreover, it also supports SSL/TLS connections and detection of usernames.
POP3 Server
The following POP3 servers are supported for now:
Log files directory
Specify log files directory used by selected POP3 server.
Traffic based monitoring
The alternative option for monitoring POP3 is through traffic. This method can be used with any
POP3 server, but consumes more resources compared to monitoring via logs. It's also
important to note that this method does not provide support for SSL/TLS connections or detection of usernames.
POP3 Monitoring via Traffic
The following traffic based monitoring methods are supported
-
WinPcap
- Works on all Windows Editions, WinPcap must be installed.
-
Raw Sockets - Does not work on Windows Server 2008 or with firewalls.
POP3 port
You may specify multiple comma-separated ports for POP3 traffic monitoring.
|
