On 03/02/2014 01:10 PM, Gene Heskett wrote:
> And while, in the early days, I was entertained by
> watching its logs as the Chinese and NK folks as they
> hammer away at a dictionary attack, but so far no one has
> had the patience to get through a 20+ character pw.

The most successful thing I found was denyhosts. It used to be an outside package you had to compile, now it is a standard package you can install. It checks the logs for login failures by source IP address, and after a settable number of failures from one IP, it puts that IP on the hosts.deny list. To the outside, it is as if your machine just went offline.

It was VERRRY instructive to see what the botnets did with this. They intelligently probed from different machines to see what the timeout horizon of the blocking was. When they found out it was over 2 weeks, the botnets just quit trying! So, they keep a list of "tough" sites somewhere, and I got myself onto that. I went from 1000+ attempts a day down to 3, in 2 weeks. (By the way, my horizon is set to 6 MONTHS! If they are hackers, they can just leave me alone forever.)

Jon

_______________________________________________
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users
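
The log-scanning approach described in the message above, as an added sketch that is not DenyHosts' own code and not part of the original post: it counts failed sshd logins per source IP, adds an IP to a hosts.deny-style list once a threshold is reached, and drops entries older than a purge horizon. The function names, the threshold of 3, the 180-day horizon and the sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation-range IPs), not real data.
SAMPLE_LOG = """\
Mar  2 13:01:10 host sshd[411]: Failed password for root from 203.0.113.7 port 4022 ssh2
Mar  2 13:01:12 host sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
Mar  2 13:01:15 host sshd[412]: Failed password for root from 203.0.113.7 port 4024 ssh2
Mar  2 13:02:00 host sshd[420]: Failed password for alice from 198.51.100.9 port 5111 ssh2
Mar  2 13:02:30 host sshd[421]: Accepted password for alice from 198.51.100.9 port 5112 ssh2
"""

# Anchored at end of line: only the address sshd itself appends is trusted,
# never text inside the username field, which the remote side controls.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def failures_by_ip(log_text):
    """Count failed password attempts per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def update_blocklist(blocklist, counts, now, threshold=3,
                     horizon=timedelta(days=180)):
    """blocklist maps IP -> time it was blocked; returns the updated mapping.

    threshold and horizon are assumed values (the message mentions a
    settable failure count and a six-month horizon).
    """
    kept = {ip: t for ip, t in blocklist.items() if now - t < horizon}
    for ip, n in counts.items():
        if n >= threshold and ip not in kept:
            kept[ip] = now
    return kept

def hosts_deny_lines(blocklist):
    """Render the blocklist in TCP-wrappers hosts.deny syntax."""
    return [f"sshd: {ip}" for ip in sorted(blocklist)]

if __name__ == "__main__":
    now = datetime(2014, 3, 2, 13, 5)
    blocked = update_blocklist({}, failures_by_ip(SAMPLE_LOG), now)
    print("\n".join(hosts_deny_lines(blocked)))
```

The single failure from 198.51.100.9 followed by a successful login stays below the threshold, so a legitimate user who mistypes once is not locked out.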