Re: [Mimedefang] Somewhat OT: Dictionary attacks

2004-06-09 Thread David F. Skoll
On Wed, 9 Jun 2004, Brett Simpson wrote:

> The script ran with one error where "Possible" was used instead of an IP
> address.

Doh. Fixed version follows.

Regards,

David.

#!/bin/sh
#
# $Id: watch-dictionary-attacks,v 1.3 2004/06/09 17:09:24 dfs Exp $
#
# Run this from cron every 5-10 minutes.

Re: [Mimedefang] Somewhat OT: Dictionary attacks

2004-06-09 Thread Brett Simpson
On Wednesday 09 June 2004 12:23 pm, Ben Kamen wrote:

> How many bad recipients is acceptable? I have my throttling set at 2.

I'm throttling at 2 also.

> David F. Skoll wrote:
> > Hi,
> >
> > Have MIMEDefang list denizens seen a huge increase in dictionary attacks?
> > I know I am.
> >
> > Below is

Re: [Mimedefang] Somewhat OT: Dictionary attacks

2004-06-09 Thread Ben Kamen
Which brings up another thought: That of using such gathered output to generate another DNSBL of some sort. ;)

How many bad recipients is acceptable? I have my throttling set at 2.

-Ben

David F. Skoll wrote:

Hi,

Have MIMEDefang list denizens seen a huge increase in dictionary attacks? I know I am.

Re: [Mimedefang] Somewhat OT: Dictionary attacks

2004-06-09 Thread Ben Kamen
I have and I am also running something like that - I wrote a TCL script that does exactly what you're talking about...

Its features are:

routes IPs into the 'route add -blackhole' almost immediately.
Runs continuously based on tcl's fileevent (as to not suck CPU time)
Keeps a table in /tm

[Mimedefang] Somewhat OT: Dictionary attacks

2004-06-09 Thread David F. Skoll
Hi,

Have MIMEDefang list denizens seen a huge increase in dictionary attacks? I know I am.

Below is a shell script I run from cron every 5 minutes to firewall off hosts doing harvesting. It's Linux-specific, but can easily be adapted for other systems.

Regards,

David.

#!/bin/sh
#
# $Id: watch-