On 12/21/2011 11:17 AM, Lyle Giese wrote:
> FYI,
> we have been under a concerted long term POP3 password attack from
> 216.231.134.98
>
> I have a host in front of our Surgemail servers running IPTables and am
> dropping all packets from this host. I have not had time to look into
> this, but it looks like a hosting company of some sort.
>
> Lyle Giese
> LCR Computer Services, Inc.
>

Just a quick followup, I have not looked to see if the attacker is gone, 
but the ISP (Continuum Data Centers, LLC) has already responding and it 
working on the issue from their end.

This POP3 brute force password attack was running for about 6 hrs before 
I noticed and adjusted the IPTables to cut him off.

Lyle