While checking the mail log file, /var/log/maillog, on an email server today, I noticed an attempted login from an IP address in an address range I didn't recognize. The entry in the log file contained the following text:

I checked the country associated with the 94.136.51.56 IP address (ds7247.dedicated.turbodns.co.uk) with geoiplookup (you can install the GeoIP package on a CentOS Linux system with yum install GeoIP) and found it was an address assigned to an entity in Great Britain.

$ geoiplookup 94.136.51.56
GeoIP Country Edition: GB, United Kingdom
$

[ More Info ]

[/security/attacks/pop3] permanent link