Mailinglist Archive: opensuse (1632 mails)
Re: [opensuse] dictionary attacks
- From: Patrick Shanahan <ptilopteri@xxxxxxxxx>
- Date: Tue, 17 Jul 2007 19:20:28 -0400
- Message-id: <20070717232028.GJ18160@xxxxxxxxxxxxxxx>
* Richard Creighton <ricreig@xxxxxxxxx> [07-17-07 17:05]:
> Thank you very much....Obviously despite everything, I must have
> fat-fingered something somewhere. After a cut and paste session PLUS a
> system reboot (something I very rarely do in Linux), I ended up with:
...
A quick simple solution for one or two... addresses: enable
SuSEfirewall-custom and add to
/etc/sysconfig/scripts/SuSEfirewall-custom
iptables -I INPUT 1 -s <address.as.dotted.quad> -j DROP
I now use fail2ban to help keep my logs in tow :^)
tail /var/log/fail2ban.log
2007-07-17 15:17:48,638 fail2ban.actions: WARNING [postfix-tcpwrapper] Unban 203.239.102.253
2007-07-17 16:16:59,593 fail2ban.actions: WARNING [postfix-tcpwrapper] Ban 88.233.59.219
2007-07-17 16:21:59,842 fail2ban.actions: WARNING [postfix-tcpwrapper] Unban 88.233.59.219
2007-07-17 17:16:40,567 fail2ban.actions: WARNING [postfix-tcpwrapper] Ban 74.212.33.47
2007-07-17 17:20:11,928 fail2ban.actions: WARNING [postfix-tcpwrapper] Ban 196.12.206.93
2007-07-17 17:21:41,075 fail2ban.actions: WARNING [postfix-tcpwrapper] Unban 74.212.33.47
2007-07-17 17:23:26,242 fail2ban.actions: WARNING [postfix-tcpwrapper] 196.12.206.93 already banned
2007-07-17 17:25:12,589 fail2ban.actions: WARNING [postfix-tcpwrapper] Unban 196.12.206.93
2007-07-17 17:26:43,823 fail2ban.actions: WARNING [postfix-tcpwrapper] Ban 75.73.74.254
2007-07-17 17:31:43,980 fail2ban.actions: WARNING [postfix-tcpwrapper] Unban 75.73.74.254
Just added ssh and http filters and stopped denyhosts. Testing phase.
I like the basics of fail2ban, and I sense that it will get better.
It is packaged by Rauch Christian <info@........de>
type = rpm-md
name = suser-crauch
baseurl = ftp://ftp.gwdg.de/pub/linux/misc/suser-crauch/....
--
Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://counter.li.org
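
Added example, not part of the original post: a small parser that pairs the Ban/Unban events in the fail2ban.log output quoted above, so ban durations, hosts still banned, and hosts that kept retrying while banned can be read off directly. The regex is written against the line format shown in that output only; other fail2ban versions may log differently, and the function name summarize is hypothetical.

```python
import re
from datetime import datetime

# The ten lines from the `tail /var/log/fail2ban.log` output in the post.
SAMPLE_LOG = """\
2007-07-17 15:17:48,638 fail2ban.actions: WARNING [postfix-tcpwrapper] Unban 203.239.102.253
2007-07-17 16:16:59,593 fail2ban.actions: WARNING [postfix-tcpwrapper] Ban 88.233.59.219
2007-07-17 16:21:59,842 fail2ban.actions: WARNING [postfix-tcpwrapper] Unban 88.233.59.219
2007-07-17 17:16:40,567 fail2ban.actions: WARNING [postfix-tcpwrapper] Ban 74.212.33.47
2007-07-17 17:20:11,928 fail2ban.actions: WARNING [postfix-tcpwrapper] Ban 196.12.206.93
2007-07-17 17:21:41,075 fail2ban.actions: WARNING [postfix-tcpwrapper] Unban 74.212.33.47
2007-07-17 17:23:26,242 fail2ban.actions: WARNING [postfix-tcpwrapper] 196.12.206.93 already banned
2007-07-17 17:25:12,589 fail2ban.actions: WARNING [postfix-tcpwrapper] Unban 196.12.206.93
2007-07-17 17:26:43,823 fail2ban.actions: WARNING [postfix-tcpwrapper] Ban 75.73.74.254
2007-07-17 17:31:43,980 fail2ban.actions: WARNING [postfix-tcpwrapper] Unban 75.73.74.254
"""

# Assumption: matches only the fail2ban.actions line format seen above.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) fail2ban\.actions: \w+ "
    r"\[(?P<jail>[^\]]+)\] "
    r"(?:(?P<verb>Ban|Unban) (?P<ip>\S+)|(?P<ip2>\S+) already banned)$"
)

def summarize(log_text):
    """Return (completed bans, still-banned, unbans without a Ban, retries while banned)."""
    open_bans, completed, orphans, repeats = {}, [], [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not a Ban/Unban/"already banned" action line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        key = (m["jail"], m["ip"] or m["ip2"])
        if m["verb"] == "Ban":
            open_bans[key] = ts
        elif m["verb"] == "Unban":
            start = open_bans.pop(key, None)
            if start is None:
                orphans.append(key)  # the Ban predates the log window
            else:
                completed.append((*key, round((ts - start).total_seconds())))
        else:  # "already banned": the host tripped the filter again mid-ban
            repeats[key] = repeats.get(key, 0) + 1
    return completed, open_bans, orphans, repeats

if __name__ == "__main__":
    done, active, orphans, repeats = summarize(SAMPLE_LOG)
    for jail, ip, secs in done:
        print(f"{jail}: {ip} banned for {secs}s")
    print("still banned:", list(active), "| retried while banned:", repeats)
```

An address that shows up under "retried while banned", or that is banned again soon after each unban, is the kind of host the permanent iptables DROP rule above is suited to.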