Someone spoofing my IP and trying to hack in

jim.thornton (Verified User, joined Jan 1, 2008, 334 messages)
I don't know how someone got my IP address for my home computer (which is a static IP) and is trying to brute-force hack into my DA server. The problem is that I have whitelisted my IP address for obvious reasons and somehow they are using it.

What can I do?
 
It's unlikely anyone is spoofing your IP address. The concept is very misunderstood, and here's why: If someone else spoofs your computer's IP address then your server will respond back to your computer, and not to the person who's spoofing your address.

There's no possible way to work around this that I know of or can conceive of.

Chances are it's something at your IP# that you don't know about. If it is a spoof, it's strictly a DoS attack; the person can't ever use the attack to get into your server.

We had a client (a network engineer) who appeared to have this problem. Because he knew it was unlikely he put a bit of effort into the search and finally found a system he'd forgotten about, on his network, doing an attempted email login. He shut that off, and the problem disappeared.

Jeff
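The practical follow-up to Jeff's advice is to look at where the failed logins actually come from: if the failing source address is the one you whitelisted, the traffic is almost certainly originating on your own network, not being spoofed. The script below is an added example, not code from the thread or from DirectAdmin. It parses failed-login lines in the dovecot and proftpd log formats (the sample lines, hostnames and addresses are constructed and only approximate the real formats), totals the failures per source IP and per user, and flags any source that is on your whitelist.

```python
import re
from collections import Counter

# Constructed sample log lines (not from the thread). The dovecot lines follow the
# "auth failed, N attempts" disconnect message; the proftpd line follows its
# "USER x (Login failed)" message. Addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:01:12 da dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<jim>, method=PLAIN, rip=203.0.113.10, lip=198.51.100.5, TLS
Mar  3 10:01:45 da dovecot: pop3-login: Disconnected (auth failed, 3 attempts in 7 secs): user=<jim>, method=PLAIN, rip=203.0.113.10, lip=198.51.100.5
Mar  3 10:02:03 da proftpd[2211] da.example.net (203.0.113.10[203.0.113.10]): USER jim (Login failed): Incorrect password
Mar  3 10:03:40 da dovecot: imap-login: Disconnected (auth failed, 1 attempts in 1 secs): user=<admin>, method=PLAIN, rip=198.51.100.77, lip=198.51.100.5
Mar  3 10:04:10 da dovecot: imap-login: Login: user=<jim>, method=PLAIN, rip=203.0.113.10, lip=198.51.100.5
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

# dovecot: service name, number of attempts, user and remote IP (rip=)
DOVECOT_FAIL = re.compile(
    r"dovecot: (?P<svc>\w+)-login: .*?auth failed, (?P<n>\d+) attempts?.*?"
    r"user=<(?P<user>[^>]*)>.*?rip=(?P<ip>" + IPV4 + r")"
)
# proftpd: "host (name[ip]): USER name (Login failed)"
PROFTPD_FAIL = re.compile(
    r"proftpd\[\d+\] \S+ \([^\[]*\[(?P<ip>" + IPV4 + r")\]\): "
    r"USER (?P<user>\S+) \(Login failed\)"
)


def parse_failures(log_text):
    """Return a list of (service, user, source_ip, attempts) for each failed login."""
    events = []
    for line in log_text.splitlines():
        m = DOVECOT_FAIL.search(line)
        if m:
            events.append((m["svc"], m["user"], m["ip"], int(m["n"])))
            continue
        m = PROFTPD_FAIL.search(line)
        if m:
            # proftpd logs one failure per line
            events.append(("ftp", m["user"], m["ip"], 1))
    return events


def triage(log_text, whitelist):
    """Total failed logins per source IP and per user; flag whitelisted sources.

    A whitelisted source showing up here means the failures are coming from a
    machine that really holds that address, i.e. something on your own network.
    """
    by_ip = Counter()
    by_user = Counter()
    for _svc, user, ip, attempts in parse_failures(log_text):
        by_ip[ip] += attempts
        by_user[user] += attempts
    flagged = sorted(ip for ip in by_ip if ip in whitelist)
    return {
        "by_ip": dict(by_ip),
        "by_user": dict(by_user),
        "whitelisted_sources": flagged,
    }


if __name__ == "__main__":
    # Assumed whitelist: the poster's static home address (constructed value).
    report = triage(SAMPLE_LOG, {"203.0.113.10"})
    for ip, n in sorted(report["by_ip"].items(), key=lambda kv: -kv[1]):
        print(f"{ip:>16}  {n} failed logins")
    for ip in report["whitelisted_sources"]:
        print(f"whitelisted source {ip} is failing logins: check hosts on that network")
```

Feed `triage()` the concatenated mail and FTP logs for the day in question and your real whitelist. A whitelisted address at the top of the list, as in the sample, is the cue to go looking for a forgotten host, VM or old laptop behind that address rather than for a spoofer.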
 
The only other thing that I can think of is that I had a virtual machine running. I run Linux on my desktop and needed to run something in Windows. I opened my virtual machine and ran the software. The software that I ran was a PST email importer for Zimbra. However, this was on my internal network (nothing to do with my DA server). Because it is a virtual machine that doesn't run very often, I never installed antivirus software on it (including a firewall). Maybe someone got through my pfSense firewall using that virtual machine? Then used that virtual machine to attack my DA server?? I don't understand how that could happen; the odds seem very low to me.

The attached included user login attempts on dovecot and proftp.
 
The attached included user login attempts on dovecot and proftp.
The attached what? I've got no idea what that means, but, as I wrote, it's unlikely that anyone else is doing it, and even less likely that they could ever break in if they were.

The best way to find out is to change your static IP# if possible. If the attacks continue, then they're even more likely coming from your own network.

Jeff
 
I must have been thinking of something else when I typed the word "attached". Sorry for the confusion.

I think I figured it out and you were right. I had my old laptop running for a little while that day, and since I've been using that laptop I changed my password on my email. So there are the login attempts.

Thanks for the push in the right direction to figure it out.
 