Re: [qmailtoaster] Firewall block
On Tuesday 27 July 2010 08:04 PM, Scott Hughes wrote:
> Jake,
>
> I have been using fail2ban prior to having a QMT server. It's one of the best defense programs I have seen!
>
> With ssh, is it better to change the port number in the ssh configuration or at the OS level?
>
> Thanks,
> Scott

Change it in your /etc/ssh/sshd_config file. What exactly do you mean at the OS level?

Bharath

-
Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] Firewall block
On 07/27/2010 10:34 AM, Scott Hughes wrote:
> Jake,
>
> I have been using fail2ban prior to having a QMT server. It's one of the best defense programs I have seen!
>
> With ssh, is it better to change the port number in the ssh configuration or at the OS level?

I change it in the SSH config file myself.
Re: [qmailtoaster] Firewall block
Jake,

I have been using fail2ban prior to having a QMT server. It's one of the best defense programs I have seen!

With ssh, is it better to change the port number in the ssh configuration or at the OS level?

Thanks,
Scott

On Jul 27, 2010, at 9:29 AM, Jake Vickers wrote:

> On 07/27/2010 10:13 AM, Scott Hughes wrote:
>> Thanks for the replies. I'll check into changing the port.
>>
>> Scott
>>
>> On Jul 27, 2010, at 8:51 AM, Maxwell Smart wrote:
>>
>>> I use a non-standard port and that stops 99.99% of it. If you can't do that there is a list out in the ether of IPs by nation and you can put them in your iptables. You'll use whole subnets and not just individual IPs.
>>>
>>> CJ
>>>
>>> On 07/27/2010 05:31 AM, Scott Hughes wrote:
>>>> Is there a way to block all of the apnic IP address blocks at one time?
>>>>
>>>> I am seeing a lot of ssh attempts from China. Since I don't send or receive email with China, I'd like to just block them at the firewall en masse (instead of one net block at a time).
>>>>
>>>> Any ideas?
>>>>
>>>> Thanks,
>>>> Scott
>
> I change the port and use fail2ban to monitor the login attempts.
RE: [qmailtoaster] Firewall block
You can do what I've done. Build yourself a bridging firewall. Then set iptables up in your bridging firewall to block any and all attempts to ssh from outside your network. This way you can do all kinds of cool stuff like packet filter out Viagra and whatever else trips your trigger.

Joel

-----Original Message-----
From: Scott Hughes [mailto:sonicscott9...@gmail.com]
Sent: Tuesday, July 27, 2010 7:32 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Firewall block

Is there a way to block all of the apnic IP address blocks at one time?

I am seeing a lot of ssh attempts from China. Since I don't send or receive email with China, I'd like to just block them at the firewall en masse (instead of one net block at a time).

Any ideas?

Thanks,
Scott
Re: [qmailtoaster] Firewall block
On 07/27/2010 10:13 AM, Scott Hughes wrote:
> Thanks for the replies. I'll check into changing the port.
>
> Scott
>
> On Jul 27, 2010, at 8:51 AM, Maxwell Smart wrote:
>
>> I use a non-standard port and that stops 99.99% of it. If you can't do that there is a list out in the ether of IPs by nation and you can put them in your iptables. You'll use whole subnets and not just individual IPs.
>>
>> CJ
>>
>> On 07/27/2010 05:31 AM, Scott Hughes wrote:
>>> Is there a way to block all of the apnic IP address blocks at one time?
>>>
>>> I am seeing a lot of ssh attempts from China. Since I don't send or receive email with China, I'd like to just block them at the firewall en masse (instead of one net block at a time).
>>>
>>> Any ideas?
>>>
>>> Thanks,
>>> Scott

I change the port and use fail2ban to monitor the login attempts.
Re: [qmailtoaster] Firewall block
Thanks for the replies. I'll check into changing the port.

Scott

On Jul 27, 2010, at 8:51 AM, Maxwell Smart wrote:

> I use a non-standard port and that stops 99.99% of it. If you can't do that there is a list out in the ether of IPs by nation and you can put them in your iptables. You'll use whole subnets and not just individual IPs.
>
> CJ
>
> On 07/27/2010 05:31 AM, Scott Hughes wrote:
>> Is there a way to block all of the apnic IP address blocks at one time?
>>
>> I am seeing a lot of ssh attempts from China. Since I don't send or receive email with China, I'd like to just block them at the firewall en masse (instead of one net block at a time).
>>
>> Any ideas?
>>
>> Thanks,
>> Scott
>
> --
> Cecil Yother, Jr. "cj"
> cj's
> 2318 Clement Ave
> Alameda, CA 94501
>
> tel 510.865.2787
> http://yother.com
Re: [qmailtoaster] Firewall block
On 27/07/2010 4:51 PM, Maxwell Smart wrote:
> I use a non-standard port and that stops 99.99% of it. If you can't do that there is a list out in the ether of IPs by nation and you can put them in your iptables. You'll use whole subnets and not just individual IPs.
>
> CJ
>
> On 07/27/2010 05:31 AM, Scott Hughes wrote:
>> Is there a way to block all of the apnic IP address blocks at one time?
>>
>> I am seeing a lot of ssh attempts from China. Since I don't send or receive email with China, I'd like to just block them at the firewall en masse (instead of one net block at a time).
>>
>> Any ideas?
>>
>> Thanks,
>> Scott

Just change the default port of ssh, 99% of attempts are from script kiddies.

--
T.Bogdan
http://www.direkt.ro
--
Re: [qmailtoaster] Firewall block
I use a non-standard port and that stops 99.99% of it. If you can't do that there is a list out in the ether of IPs by nation and you can put them in your iptables. You'll use whole subnets and not just individual IPs.

CJ

On 07/27/2010 05:31 AM, Scott Hughes wrote:
> Is there a way to block all of the apnic IP address blocks at one time?
>
> I am seeing a lot of ssh attempts from China. Since I don't send or receive email with China, I'd like to just block them at the firewall en masse (instead of one net block at a time).
>
> Any ideas?
>
> Thanks,
> Scott

--
Cecil Yother, Jr. "cj"
cj's
2318 Clement Ave
Alameda, CA 94501

tel 510.865.2787
http://yother.com
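
The per-country subnet list suggested in the message above, sketched as an added example that is not part of the original thread: it vets a downloaded CIDR list before it reaches the firewall, refusing malformed entries, anything broader than /8, and any block that contains your own administration address. It assumes ipset (one set, one iptables rule) instead of one iptables rule per block; the set name `ssh_block`, `ADMIN_IP` and the sample ranges are constructed.

```shell
# Added example: turn a per-country CIDR list into `ipset restore` input.
SET_NAME="ssh_block"      # hypothetical set name
ADMIN_IP="198.51.100.10"  # constructed: address you administer from

valid_cidr() {  # IPv4 network with prefix /8../32, so 0.0.0.0/0 is refused
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -ge 8 ] && [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

ip_to_int() {  # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

covers() {  # covers CIDR IP: true when IP lies inside CIDR
    net=$(ip_to_int "${1%/*}"); ip=$(ip_to_int "$2")
    mask=$(( (0xFFFFFFFF << (32 - ${1#*/})) & 0xFFFFFFFF ))
    [ $(( net & mask )) -eq $(( ip & mask )) ]
}

sample_list() {  # constructed input, documentation ranges only
    printf '%s\n' '# sample list' '203.0.113.0/24' \
        '198.51.100.0/24  # contains ADMIN_IP' '0.0.0.0/0' \
        '192.0.2.300/24' '192.0.2.0/25'
}

build_restore() {  # stdin: CIDR list; stdout: restore script; stderr: rejects
    echo "create $SET_NAME hash:net family inet"
    while IFS= read -r line || [ -n "$line" ]; do
        cidr=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$cidr" ] || continue
        if ! valid_cidr "$cidr"; then
            echo "rejected (malformed or too broad): $cidr" >&2
        elif covers "$cidr" "$ADMIN_IP"; then
            echo "rejected (contains admin address): $cidr" >&2
        else
            echo "add $SET_NAME $cidr"
        fi
    done
}

sample_list | build_restore
```

To apply the result, pipe it into `ipset -exist restore` and reference the set from a single rule such as `iptables -I INPUT -p tcp --dport 22 -m set --match-set ssh_block src -j DROP`, adjusting the port if sshd listens elsewhere.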