>>> On 7/8/2015 at 02:38 PM, Rick Troth <r...@casita.net> wrote: 

> If the system in question is externally facing, it's likely that you're
> getting hit by a brute force attack. It is common. (Picture vagrants
> walking down your street trying every door, with a ring of door keys,
> just for analogy.)
> 
> Some shops and individuals employ tools to make note of the incoming
> addresses (like you suggested) of these rogue actors and block them. If
> an IP address demonstrating a lot of failed logins turns out to be for
> an internet cafe in Kathmandu, and the system in question does not
> support business there, it's a good idea to block it.

My mother-in-law's Linux system has a list of blocked IP address and ranges of 
IP addresses.  The list in total contains 89,000+ entries.  Some of those 
entries are entire class B subnets.  Nine of them are /10 networks.  Lots and 
lots of bad actors out there.


Mark Post

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/

Reply via email to