Re: avoid logging useless ssh brute force attempts

2008-02-03 Thread johan beisser
On Feb 3, 2008, at 9:12 PM, Ted Unangst wrote: you still don't gain anything. what percentage of your traffic is coming from unallocated space? I'm not disagreeing with you in that it's wasted effort. It is. This is why I personally use overload tables.

Re: avoid logging useless ssh brute force attempts

2008-02-03 Thread Ted Unangst
On 2/2/08, johan beisser <[EMAIL PROTECTED]> wrote: > Not entirely true. Bogons are not supposed to be routed, or routable. > It doesn't mean someone can't just throw up a BGP advert for a Bogon > range and start using it, or intentionally spoof addresses from the > route. you still don't gain any

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread johan beisser
On Feb 2, 2008, at 6:32 AM, Wijnand Wiersma wrote: I don't think bogons are able to complete the TCP handshake since you don't know how to route back. Filtering those will not make sure there are less log messages about ssh logins Not entirely true. Bogons are not supposed to be routed, or

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread Wijnand Wiersma
I don't think bogons are able to complete the TCP handshake since you don't know how to route back. Filtering those will not make sure there are less log messages about ssh logins Wijnand

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread elpinguim
On Sat, Feb 02, 2008 at 12:47:54PM +0100, Martin Schröder wrote: > 2008/2/2, elpinguim <[EMAIL PROTECTED]>: > > On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schröder wrote: > > > No. This just adds another way for things to go wrong. KISS. :-) > > > > Really, what things? Script it, set cron t

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread elpinguim
On Sat, Feb 02, 2008 at 05:26:59AM -0600, Tony Abernethy wrote: > elpinguim wrote: > > On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schröder wrote: > > > 2008/2/1, elpinguim <[EMAIL PROTECTED]>: > > > > Configuring pf to not even respond to unallocated ip space also > > > > helps. Search for B

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread Martin Schröder
2008/2/2, elpinguim <[EMAIL PROTECTED]>: > On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schröder wrote: > > No. This just adds another way for things to go wrong. KISS. :-) > > Really, what things? Script it, set cron to call it, done. Simple. "IP addresses that are bogon today may not be bo

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread Tony Abernethy
elpinguim wrote: > On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schröder wrote: > > 2008/2/1, elpinguim <[EMAIL PROTECTED]>: > > > Configuring pf to not even respond to unallocated ip space also > > > helps. Search for Bogon filtering. > > > > No. This just adds another way for things to go w

Re: avoid logging useless ssh brute force attempts

2008-02-02 Thread elpinguim
On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schröder wrote: > 2008/2/1, elpinguim <[EMAIL PROTECTED]>: > > Configuring pf to not even respond to unallocated ip space also > > helps. Search for Bogon filtering. > > No. This just adds another way for things to go wrong. KISS. :-) Really, what

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Martin Schröder
2008/2/1, elpinguim <[EMAIL PROTECTED]>: > Configuring pf to not even respond to unallocated ip space also > helps. Search for Bogon filtering. No. This just adds another way for things to go wrong. KISS. :-) But I can understand that Penguins think it's a great idea. Best Martin

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread elpinguim
On Fri, Feb 01, 2008 at 06:11:17PM +1100, Chris wrote: > my logs are filled with useless ssh bruteforce attempts - is there > anything i can do to avoid logging random brute force attacks? since i > disallow ssh root login and use the allowuser acl - i guess i could > just avoid logging all these r

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Peter N. M. Hansteen
Dennis Davis <[EMAIL PROTECTED]> writes: > /usr/ports/sysutils/expiretable > > for an easy way to set this up, either as a daemon process or run out > of cron. recent versions of pfctl have expire functionality built in, but expiretable still works too -- Peter N. M. Hansteen, member of the firs

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Dennis Davis
On Fri, 1 Feb 2008, Matt wrote: > From: Matt <[EMAIL PROTECTED]> > To: Chris <[EMAIL PROTECTED]> > Cc: OpenBSD Misc > Date: Fri, 01 Feb 2008 09:25:02 +0100 > Subject: Re: avoid logging useless ssh brute force attempts > ... > One of the suggestions I have se

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Olivier Mehani
On Fri, Feb 01, 2008 at 06:11:17PM +1100, Chris wrote: > my logs are filled with useless ssh bruteforce attempts - is there > anything i can do to avoid logging random brute force attacks? since i > disallow ssh root login and use the allowuser acl - i guess i could > just avoid logging all these r

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Richard Toohey
On 1/02/2008, at 9:11 PM, Richard Toohey wrote: On 1/02/2008, at 8:39 PM, Peter N. M. Hansteen wrote: Chris <[EMAIL PROTECTED]> writes: my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh ro

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Matt
Chris wrote: my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root login and use the allowuser acl - i guess i could just avoid logging all these random attacks in my logs. Any suggestions wou

Re: avoid logging useless ssh brute force attempts

2008-02-01 Thread Richard Toohey
On 1/02/2008, at 8:39 PM, Peter N. M. Hansteen wrote: Chris <[EMAIL PROTECTED]> writes: my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root login and use the allowuser acl - i guess i cou

Re: avoid logging useless ssh brute force attempts

2008-01-31 Thread Peter N. M. Hansteen
Chris <[EMAIL PROTECTED]> writes: > my logs are filled with useless ssh bruteforce attempts - is there > anything i can do to avoid logging random brute force attacks? since i > disallow ssh root login and use the allowuser acl - i guess i could > just avoid logging all these random attacks in my

Re: avoid logging useless ssh brute force attempts

2008-01-31 Thread johan beisser
I've simply added in an overload rule to pf on my server. This has helped significantly. On Jan 31, 2008, at 11:11 PM, Chris wrote: my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root logi

avoid logging useless ssh brute force attempts

2008-01-31 Thread Chris
my logs are filled with useless ssh bruteforce attempts - is there anything i can do to avoid logging random brute force attacks? since i disallow ssh root login and use the allowuser acl - i guess i could just avoid logging all these random attacks in my logs. Any suggestions would be much apprec