Re: Brute force attacks in various ports

2016-07-26 Thread Lefteris Tsintjelis
> On 26 Jul 2016, at 21:35, Benny Pedersen wrote:
>
> On 2016-07-26 19:55, Lefteris Tsintjelis wrote:
>> On 26 Jul 2016, at 20:36, Benny Pedersen wrote:
>>> fail2ban based on pbl, but in fail2ban whitelist isp you have users in
>> Is log parsing the only way?
>
>

Re: Brute force attacks in various ports

2016-07-26 Thread Benny Pedersen
On 2016-07-26 19:55, Lefteris Tsintjelis wrote:
> On 26 Jul 2016, at 20:36, Benny Pedersen wrote:
>> fail2ban based on pbl, but in fail2ban whitelist isp you have users in
> Is log parsing the only way?

if you don't like maintained solutions yes

note keep a long blacklist time on

Re: Brute force attacks in various ports

2016-07-26 Thread Robert Schetterer
On 26.07.2016 at 19:55, Lefteris Tsintjelis wrote:
> On 26 Jul 2016, at 20:36, Benny Pedersen wrote:
>>
>> fail2ban based on pbl, but in fail2ban whitelist isp you have users in
>
> Is log parsing the only way?
>

fail2ban is a good choice
iptables with string and recent is

Re: Brute force attacks in various ports

2016-07-26 Thread Wietse Venema
Lefteris Tsintjelis:
> Ever since postscreen is up and running I see very often from various IPs
> this:
>
> Jul 26 20:05:25 mx postfix/smtps/smtpd[20590]: too many errors after AUTH
> from unknown[109.167.202.37]

fail2ban comes to mind.

Wietse

Re: Brute force attacks in various ports

2016-07-26 Thread Lefteris Tsintjelis
On 26 Jul 2016, at 20:36, Benny Pedersen wrote:
>
> fail2ban based on pbl, but in fail2ban whitelist isp you have users in

Is log parsing the only way?

Re: Brute force attacks in various ports

2016-07-26 Thread Benny Pedersen
On 2016-07-26 19:21, Lefteris Tsintjelis wrote:
> Is there a way to deal with them?

fail2ban based on pbl, but in fail2ban whitelist isp you have users in
it's then a no maintenance locally

Brute force attacks in various ports

2016-07-26 Thread Lefteris Tsintjelis
Ever since postscreen is up and running I see very often from various IPs this:

Jul 26 20:05:25 mx postfix/smtps/smtpd[20590]: too many errors after AUTH from unknown[109.167.202.37]
Jul 26 20:05:25 mx postfix/smtps/smtpd[20590]: disconnect from unknown[109.167.202.37] ehlo=1 auth=0/1
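
Added example, not part of any message in this thread and not fail2ban's own code: a minimal sketch of the log-parsing approach the replies suggest, counting "too many errors after AUTH" lines per client and skipping whitelisted ISP ranges. The function name `find_offenders`, the thresholds, and the whitelisted range are assumptions, and every sample log line after the first two is constructed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: only the first two lines are quoted from the thread; the rest
# are made up (198.51.100.0/24 and 203.0.113.0/24 are documentation ranges).
SAMPLE_LOG = """\
Jul 26 20:05:25 mx postfix/smtps/smtpd[20590]: too many errors after AUTH from unknown[109.167.202.37]
Jul 26 20:05:25 mx postfix/smtps/smtpd[20590]: disconnect from unknown[109.167.202.37] ehlo=1 auth=0/1
Jul 26 20:07:02 mx postfix/smtps/smtpd[20611]: too many errors after AUTH from unknown[109.167.202.37]
Jul 26 20:09:40 mx postfix/submission/smtpd[20630]: too many errors after AUTH from unknown[109.167.202.37]
Jul 26 20:10:11 mx postfix/smtps/smtpd[20644]: too many errors after AUTH from unknown[198.51.100.7]
Jul 26 20:11:30 mx postfix/smtps/smtpd[20650]: too many errors after AUTH from unknown[198.51.100.7]
Jul 26 20:12:45 mx postfix/smtps/smtpd[20655]: too many errors after AUTH from unknown[198.51.100.7]
Jul 26 20:15:00 mx postfix/smtpd[20700]: too many errors after AUTH from unknown[203.0.113.9]
Jul 26 23:30:00 mx postfix/smtpd[21900]: too many errors after AUTH from unknown[203.0.113.9]
Jul 26 23:59:00 mx postfix/smtpd[22010]: too many errors after AUTH from unknown[203.0.113.9]
"""

# Matches the smtpd message quoted in the thread, with or without a service
# name such as smtps/ or submission/ in front of smtpd.
AUTH_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/(?:[\w-]+/)?smtpd\[\d+\]: "
    r"too many errors after AUTH from \S+\[(?P<ip>[0-9A-Fa-f:.]+)\]")


def find_offenders(log_text, whitelist=(), max_hits=3,
                   window=timedelta(minutes=10), year=2016):
    """Return sorted IPs with >= max_hits AUTH-error lines inside one window."""
    nets = [ipaddress.ip_network(n) for n in whitelist]
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = AUTH_FAIL.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # bracket content was not a valid address
        if any(ip in net for net in nets):
            continue  # never ban ranges your own users connect from
        # syslog timestamps carry no year, so the caller supplies one
        hits[str(ip)].append(
            datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    offenders = []
    for ip, times in hits.items():
        times.sort()
        # sliding window: compare each hit with the hit max_hits-1 places later
        if any(times[i + max_hits - 1] - times[i] <= window
               for i in range(len(times) - max_hits + 1)):
            offenders.append(ip)
    return sorted(offenders)
```

The returned addresses are what a ban action (firewall rule or fail2ban jail) would receive; the ban duration is a separate setting.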