David S. Madole wrote:
>
> If you are talking about the suggestion I made, which looked like this:
>
> iptables -A INPUT -p tcp --dport 22 \
> -m state --state NEW \
> -m recent --update --seconds 60 -j DROP
>
> iptables -A INPUT -p tcp --dport 22 \
> -m state --state
On Tue, May 22, 2007 at 11:14:49AM -0400, Robert Banz wrote:
> *security people seem to obsess on "perfect" solutions. It bothers me.
No, _real_ security people know that there is NO perfect solution. You
always have to balance the cost of the defenses with the cost of the
thing you want to prot
David S. Madole wrote:
>> From Matthew Schumacher on Monday, May 21, 2007 6:35 PM
>>
>> I agree with Blake, while I can do it with IPtables it's not
>> a good solution.
>>
>> The first iptables suggestion blocked the offending IP, which
>> is fine, but also requires me to babysit the server. The
Matthew Schumacher wrote:
May 21 11:02:01 larry pop3[5945]: badlogin: [83.209.35.32] plaintext
cristopher SASL(-13): authentication failure: checkpass failed
May 21 11:02:02 larry pop3[5965]: badlogin: [83.209.35.32] plaintext
easter SASL(-13): authentication failure: checkpass failed
May 21 11:0
On May 22, 2007, at 10:34, Philip H. O'Neill wrote:
We do the same but there is an issue.
One File::Tail delays polling the log for up to 30 seconds unless you
tell it otherwise. So it will allow a number of attempts before
reading the log. If you increase the polling you add load to the s
We do the same but there is an issue.
One File::Tail delays polling the log for up to 30 seconds unless you
tell it otherwise. So it will allow a number of attempts before reading
the log. If you increase the polling you add load to the system. Not
much but some.
We like the idea of adding the t
m
> To: info-cyrus@lists.andrew.cmu.edu
> Subject: Connection throttling POP3.
>
> List,
>
> I'm getting some spammer trying to guess usernames and passwords:
>
> May 21 11:01:55 larry pop3[5845]: badlogin: [83.209.35.32] plaintext bob
> SASL(-13): authentication failure: checkp
On May 21, 2007, at 21:50, Daniel O'Connor wrote:
On Tuesday 22 May 2007 05:10, Matthew Schumacher wrote:
I'm getting some spammer trying to guess usernames and passwords:
I use the following to protect my SSH server (well not the SSH server
per se, just me reading logfiles the next day)
ht
On Tuesday 22 May 2007 05:10, Matthew Schumacher wrote:
> I'm getting some spammer trying to guess usernames and passwords:
I use the following to protect my SSH server (well not the SSH server
per se, just me reading logfiles the next day)
http://www.gsoft.com.au/~doconnor/brute-force-mitigatio
David S. Madole wrote:
From Matthew Schumacher on Monday, May 21, 2007 6:35 PM
The first iptables suggestion blocked the offending IP, which is
fine, but also requires me to babysit the server. The second
suggestion would correctly limit connections, but if I'm reading it
right, would lump all
> From Matthew Schumacher on Monday, May 21, 2007 6:35 PM
>
> I agree with Blake, while I can do it with IPtables it's not
> a good solution.
>
> The first iptables suggestion blocked the offending IP, which
> is fine, but also requires me to babysit the server. The
> second suggestion would c
Blake Hudson wrote:
>
> These types of threats are becoming more and more common and in reaction
> awareness is increasing and more software seems to be implementing
> mechanisms to cope. I would personally love to see Cyrus implement some
> sort of connection limit or throttling per IP/network/us
> On Mon, 21 May 2007, Matthew Schumacher wrote:
>
>> List,
>>
>> And this spammer is racking up a zillion processes which is killing
>> my machine. I need a way to throttle this somehow where he is only
>> allowed one connection per IP at a time, or perhaps a way to ignore
>> them after so
On Mon, May 21, 2007 at 03:36:34PM -0500, Blake Hudson wrote:
> Andrew Morgan wrote:
> > On Mon, 21 May 2007, Matthew Schumacher wrote:
> >
> >> And this spammer is racking up a zillion processes which is killing my
> >> machine. I need a way to throttle this somehow where he is only allowed
> >>
Andrew Morgan wrote:
> I believe there are also some solutions to monitor
> connections and automatically add IP addresses to the /etc/hosts.deny
> file, but I've never used them myself.
Fail2ban will do this (and more) see http://fail2ban.sourceforge.net/
If your system uses PAM, it's also worth
Andrew Morgan wrote:
> On Mon, 21 May 2007, Matthew Schumacher wrote:
>
>> List,
>>
>> And this spammer is racking up a zillion processes which is killing my
>> machine. I need a way to throttle this somehow where he is only allowed
>> one connection per IP at a time, or perhaps a way to ignore th
On Mon, 21 May 2007, Matthew Schumacher wrote:
List,
I'm getting some spammer trying to guess usernames and passwords:
May 21 11:01:55 larry pop3[5845]: badlogin: [83.209.35.32] plaintext bob
SASL(-13): authentication failure: checkpass failed
May 21 11:01:54 larry pop3[5860]: badlogin: [83.20
mu.edu
Subject: Connection throttling POP3.
List,
I'm getting some spammer trying to guess usernames and passwords:
May 21 11:01:55 larry pop3[5845]: badlogin: [83.209.35.32] plaintext bob
SASL(-13): authentication failure: checkpass failed
May 21 11:01:54 larry pop3[5860]: badlogin: [83.209.35.32
List,
I'm getting some spammer trying to guess usernames and passwords:
May 21 11:01:55 larry pop3[5845]: badlogin: [83.209.35.32] plaintext bob
SASL(-13): authentication failure: checkpass failed
May 21 11:01:54 larry pop3[5860]: badlogin: [83.209.35.32] plaintext
complaints SASL(-13): authentic
19 matches