This attack is very old, the problem is that 110 is the only service that autenticate the logins and password (introduced by user and pass)... In the net is a program that automate this process called pop3hack, you just made 2 dictionaries 1 for logins and the other full of common passwords and u just have to wait. I think the solution isnt disable this port, the solution is just limit the number of tries to enter the valid user/password (3 times max).. because this service is just used to gain access using random entries, the problem not consist en the autentication, consist en the ilimited number of tries in conjuntion with the autentication is just like the login programs in conjuntion with the finger command info. Efrain Torres Uniandes Bogota-Colombia