What you can try doing is putting some services on a non standered port
(like SSH on port 4583) This will stop most (not all) attacks coming in at
port 22.
James
On Fri, May 15, 2009 at 8:21 PM, James B. Byrne wrote:
> On: Thu, 14 May 2009 13:00:09 -0700, Scott Silva
> wrote:
> >
> > http://pac
On: Thu, 14 May 2009 13:00:09 -0700, Scott Silva
wrote:
>
> http://packages.sw.be/fail2ban/
>
Thank you, got it.
In the meantime I revised my existing iptables rules to throttle
connections to ssh, pop3, imap and ftp (which service is not running
in any case).
Thanks for all the help from every
Hi!
I suggest another software, OSSEC (http://www.ossec.net/).
It's more complete (and complex) than fail2ban.
Regards,
--
William
--
Prognus Software Livre
http://www.prognus.com.br
2009/5/15 Robert Heller
> At Thu, 14 May 2009 13:00:09 -0700 CentOS maili
At Thu, 14 May 2009 13:00:09 -0700 CentOS mailing list
wrote:
>
>
>
> on 5-14-2009 11:46 AM James B. Byrne spake the following:
> > On: Thu, 14 May 2009 08:48:36 -0700, Bill Campbell
> > wrote:
> >> You might look at fail2ban which can automatically create
> >> iptables blocks when things li
on 5-14-2009 11:46 AM James B. Byrne spake the following:
> On: Thu, 14 May 2009 08:48:36 -0700, Bill Campbell
> wrote:
>> You might look at fail2ban which can automatically create
>> iptables blocks when things like this happen.
>>
>
> I went to the source forge website, but the rh rpm is inacce
James B. Byrne wrote:
> I went to the source forge website, but the rh rpm is inaccessible.
> I really do not wish to join yet another mailing list simply to
> report this so if anyone here is a member there as well please let
> them know.
looks like they already know..
http://www.fail2ban.org/w
On Thu, May 14, 2009 at 8:46 PM, James B. Byrne wrote:
>
>
> I went to the source forge website, but the rh rpm is inaccessible.
> I really do not wish to join yet another mailing list simply to
> report this so if anyone here is a member there as well please let
> them know.
>
> Regards,
>
> --
>
On: Thu, 14 May 2009 08:48:36 -0700, Bill Campbell
wrote:
>
> You might look at fail2ban which can automatically create
> iptables blocks when things like this happen.
>
I went to the source forge website, but the rh rpm is inaccessible.
I really do not wish to join yet another mailing list simp
On Thu, May 14, 2009 at 9:46 AM, James B. Byrne wrote:
> Over the weekend one of our servers at a remote location was
> hammered by an IP originating in mainland China. This attack was
> only noteworthy in that it attempted to connect to our pop3 service.
About 6 years ago, the POP3 port on one
James B. Byrne writes:
>
> Over the weekend one of our servers at a remote location was
> hammered by an IP originating in mainland China. This attack was
> only noteworthy in that it attempted to connect to our pop3 service.
>
> We have long had an IP throttle on ssh connections to discourage
On Thu, May 14, 2009 at 5:48 PM, Bill Campbell wrote:
> On Thu, May 14, 2009, James B. Byrne wrote:
> >Over the weekend one of our servers at a remote location was
> >hammered by an IP originating in mainland China. This attack was
> >only noteworthy in that it attempted to connect to our pop3 s
On Thu, May 14, 2009, James B. Byrne wrote:
>Over the weekend one of our servers at a remote location was
>hammered by an IP originating in mainland China. This attack was
>only noteworthy in that it attempted to connect to our pop3 service.
You might look at fail2ban which can automatically crea
On May 14, 2009, at 9:46 AM, James B. Byrne wrote:
> 2. Moving pass the obvious and unhelpful "everything", what services
> are particularly vulnerable to these types of attacks? Does a list
> exist anywhere?
If it's reachable over the 'net, it will eventually get pounded.
POP, IMAP, SMTP Auth
Over the weekend one of our servers at a remote location was
hammered by an IP originating in mainland China. This attack was
only noteworthy in that it attempted to connect to our pop3 service.
We have long had an IP throttle on ssh connections to discourage
this sort of thing. But I had not co
14 matches
Mail list logo