How do I prevent IMAP attacks

Owned by Nathaniel Halbrooks
Sep 11, 2024
1 min read

Usually IMAP attacks occur over 143 TCP (IMAP) and 443 TCP (API, HTTPS). 

The following steps may prevent such an attack:.  

  1. Block the offending IP(s) at the site's network firewall/router.  The drawback to this would be the attacker coming from another IP.

  2. Create access rules at the network firewall/router to allow only specific IPs to pass.  

  3. Create a block rule for all other IPs.  

  4. If there are remote users connection from home or roaming, they'll likely have dynamic IPs (changing IPs).  The way around this is to have the remote user connect to the office VPN, then they'll be able to access internal servers such as the PBX.

  5. On the PBX, go to Server -> Access Controls.  Use the same idea as the network firewall/router.  Create rules to allow specific remote users or outside SIP providers.  

  6. Uncheck IMAP, both APIs, and Web Admin for the All Networks rule.

Unable to render {include} The included page could not be found.