Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Michelle Konzack
On 2007-09-28 07:06:14, Sam Varshavchik wrote: > There is no rate metering of this kind possible, but what exactly is the > negative impact from this? This is an average of three and a half probes > per second, which, if you weren't looking at the logs, you would've never > noticed. In theori

Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Jeff Jansen
Michelle Konzack wrote: > In theory... -- but they hit me periodically with over 200 per second. You're seeing 200 hits a second! From the same IP addresses or different ones all the time? Since no single IP address should be hitting your server t

Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Sam Varshavchik
Michelle Konzack writes: Since around one week I have very heavy dictionary attacks (over 30 per day from more than 7000 different IPs) on my courier-mta which serves 17.000 users in the French gov. On the list they used the following to stop it. But how can I do this with ? I like t

Re: [courier-users] Proposed extension: SKIPMAILFILTER [patch]

2007-09-28 Thread Alessandro Vesely
Sam Varshavchik wrote: > Gordon Messmer writes: > >> Sam, you've mentioned before that refactoring the code to run filters >> after rewriting the message would be difficult, but wouldn't you just >> need to move the "run_filter" block of code later in >> SubmitFile::MessageEnd? That would give fi

Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Jeff Jansen
Michelle Konzack wrote: > This morning I was hit at ~08:00 CET for around 17 minutes from > 86 different IPs and each IP had 30-80 hits per second. > > Now imagine the server supports 17000 users and they switch > on their computers between 08:00 and 09:00... > > iptables does unfortunately not work

[courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Michelle Konzack
Since around one week I have very heavy dictionary attacks (over 30 per day from more than 7000 different IPs) on my courier-mta which serves 17.000 users in the French gov. On the list they used the following to stop it. But how can I do this with ? I like to reduce the failed connectio

Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Michelle Konzack
On 2007-09-28 22:10:01, Jeff Jansen wrote: > Michelle Konzack wrote: > > In theory... -- but they hit me periodically with over 200 per second. > > You're seeing 200 hits a second! From the same IP addresses or > different ones all the time

Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread João Vale
For the paranoid (like myself), there's always fail2ban ( http://www.fail2ban.org/ ). It worked perfectly for me in stopping brute-force attacks on my ssh port. Basically it monitors a log and bans (with iptables, for example) IPs for a period of time after a certain number of authentication failur

Re: [courier-users] Same problem with courier-mta as with exim

2007-09-28 Thread Gordon Messmer
Michelle Konzack wrote: > > This morning I was hit at ~08:00 CET for around 17 minutes from > 86 different IPs and each IP had 30-80 hits per second. > > Which makes in total over 4.100.000 hits. > > My logfiles explode!!! 8 GByte in less than 17 minutes. Log entries for each "hit" were 20K?

Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Tim Lyth
I'd follow Jeff's advice - rate limiting via iptables, but I'd add "-i " to each of those lines. I am assuming that your email server has multiple network connections and the attacks are coming from the external interface, not the internal one. That way, you don't have ANY impact on your 17,000