On Feb 3, 2008, at 9:12 PM, Ted Unangst wrote:
you still don't gain anything. what percentage of your traffic is
coming from unallocated space?
I'm not disagreeing with you in that it's wasted effort. It is. This
is why I personally use overload tables.
On 2/2/08, johan beisser [EMAIL PROTECTED] wrote:
Not entirely true. Bogons are not supposed to be routed, or routable.
It doesn't mean someone can't just throw up a BGP advert for a Bogon
range and start using it, or intentionally spoof addresses from the
route.
you still don't gain
On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schr?der wrote:
2008/2/1, elpinguim [EMAIL PROTECTED]:
Configuring pf to not even respond to unallocated ip space also
helps. Search for Bogon filtering.
No. This just adds another way for things to go wrong. KISS. :-)
Really, what things?
elpinguim wrote:
On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schr?der wrote:
2008/2/1, elpinguim [EMAIL PROTECTED]:
Configuring pf to not even respond to unallocated ip space also
helps. Search for Bogon filtering.
No. This just adds another way for things to go wrong. KISS.
2008/2/2, elpinguim [EMAIL PROTECTED]:
On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schr?der wrote:
No. This just adds another way for things to go wrong. KISS. :-)
Really, what things? Script it, set cron to call it, done. Simple.
IP addresses that are bogon today may not be bogon
On Sat, Feb 02, 2008 at 05:26:59AM -0600, Tony Abernethy wrote:
elpinguim wrote:
On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schr?der wrote:
2008/2/1, elpinguim [EMAIL PROTECTED]:
Configuring pf to not even respond to unallocated ip space also
helps. Search for Bogon filtering.
On Sat, Feb 02, 2008 at 12:47:54PM +0100, Martin Schr?der wrote:
2008/2/2, elpinguim [EMAIL PROTECTED]:
On Fri, Feb 01, 2008 at 05:28:11PM +0100, Martin Schr?der wrote:
No. This just adds another way for things to go wrong. KISS. :-)
Really, what things? Script it, set cron to call it,
I don't think bogons are able to complete the TCP handshake since you
don't know how to route back. Filtering those will not make sure there
are less log messages about ssh logins
Wijnand
On Feb 2, 2008, at 6:32 AM, Wijnand Wiersma wrote:
I don't think bogons are able to complete the TCP handshake since you
don't know how to route back. Filtering those will not make sure there
are less log messages about ssh logins
Not entirely true. Bogons are not supposed to be routed,
On 1/02/2008, at 8:39 PM, Peter N. M. Hansteen wrote:
Chris [EMAIL PROTECTED] writes:
my logs are filled with useless ssh bruteforce attempts - is there
anything i can do to avoid logging random brute force attacks?
since i
disallow ssh root login and use the allowuser acl - i guess i
Chris schreef:
my logs are filled with useless ssh bruteforce attempts - is there
anything i can do to avoid logging random brute force attacks? since i
disallow ssh root login and use the allowuser acl - i guess i could
just avoid logging all these random attacks in my logs.
Any suggestions
On 1/02/2008, at 9:11 PM, Richard Toohey wrote:
On 1/02/2008, at 8:39 PM, Peter N. M. Hansteen wrote:
Chris [EMAIL PROTECTED] writes:
my logs are filled with useless ssh bruteforce attempts - is there
anything i can do to avoid logging random brute force attacks?
since i
disallow ssh
On Fri, Feb 01, 2008 at 06:11:17PM +1100, Chris wrote:
my logs are filled with useless ssh bruteforce attempts - is there
anything i can do to avoid logging random brute force attacks? since i
disallow ssh root login and use the allowuser acl - i guess i could
just avoid logging all these
On Fri, 1 Feb 2008, Matt wrote:
From: Matt [EMAIL PROTECTED]
To: Chris [EMAIL PROTECTED]
Cc: OpenBSD Misc misc@openbsd.org
Date: Fri, 01 Feb 2008 09:25:02 +0100
Subject: Re: avoid logging useless ssh brute force attempts
...
One of the suggestions I have seen on this list is to enable
Dennis Davis [EMAIL PROTECTED] writes:
/usr/ports/sysutils/expiretable
for an easy way to set this up, either as a daemon process or run out
of cron.
recent versions of pfctl has expire functionality built in, but
expiretable still works too
--
Peter N. M. Hansteen, member of the first RFC
On Fri, Feb 01, 2008 at 06:11:17PM +1100, Chris wrote:
my logs are filled with useless ssh bruteforce attempts - is there
anything i can do to avoid logging random brute force attacks? since i
disallow ssh root login and use the allowuser acl - i guess i could
just avoid logging all these
2008/2/1, elpinguim [EMAIL PROTECTED]:
Configuring pf to not even respond to unallocated ip space also
helps. Search for Bogon filtering.
No. This just adds another way for things to go wrong. KISS. :-)
But I can understand that Penguins think it's a great idea.
Best
Martin
my logs are filled with useless ssh bruteforce attempts - is there
anything i can do to avoid logging random brute force attacks? since i
disallow ssh root login and use the allowuser acl - i guess i could
just avoid logging all these random attacks in my logs.
Any suggestions would be much
I've simply added in an overload rule to pf on my server. This has
helped significantly.
On Jan 31, 2008, at 11:11 PM, Chris wrote:
my logs are filled with useless ssh bruteforce attempts - is there
anything i can do to avoid logging random brute force attacks? since i
disallow ssh root
Chris [EMAIL PROTECTED] writes:
my logs are filled with useless ssh bruteforce attempts - is there
anything i can do to avoid logging random brute force attacks? since i
disallow ssh root login and use the allowuser acl - i guess i could
just avoid logging all these random attacks in my logs.
20 matches
Mail list logo
