RE: [PLUG] ssh brute force attacks & real time offending IP lists

Doug Crompton on 24 Jul 2007 19:29:41 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

RE: [PLUG] ssh brute force attacks & real time offending IP lists

From: Doug Crompton <doug@crompton.com>

To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>

Subject: RE: [PLUG] ssh brute force attacks & real time offending IP lists

Date: Tue, 24 Jul 2007 15:29:35 -0400 (EDT)

Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

Banning entiire countires was the answer for me, especially for email. Send a message you don't want their junk. I have no reason to get legitimate email or connections from these nations anyhow and if I did I could add it back in on a per case basis. I have a very large access list for sendmail or should I call it no access! Doug. On Tue, 24 Jul 2007, Mark Baker wrote: > > however, keep in mind that this (and even my suggestion to a lesser > > degree) > > opens up some potential security/DDOS issues. for example, if you > base > > your > > access control list on data someone else is providing, it's possible > that > > either directly (feeding fake data) or indirectly (connection > spoofing) a > > mean person could put your own network blocks into said list, causing > some > > grief :) > > Sean, > > You're absolutely correct. There is a risk if you do not trust the > person providing the information, although I am sure most of us trust > the anti-spam lists provided with our spam assassin installs etc. > > I do think a list of brute-force offenders such as the one spamhaus > compiles would be very useful and one we could all benefit from. In > fact I am surprised a list like this hasnt been created. Does anyone > have am idea why this is? I am sure we arent the fist ones to have > this discussion. > > Mark > > ___________________________________________________________________________ > Philadelphia Linux Users Group -- http://www.phillylinux.org > Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce > General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug > "Those that sacrifice essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin (1759) **************************** * Doug Crompton * * Richboro, PA 18954 * * 215-431-6307 * * * * doug@crompton.com * * http://www.crompton.com * **************************** ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

References:

RE: [PLUG] ssh brute force attacks & real time offending IP lists
From: "Mark Baker" <mark.baker@hxti.com>

Prev by Date: RE: [PLUG] ssh brute force attacks & real time offending IP lists

Next by Date: [PLUG] [plug-announce] REMINDER: Thu, Jul 26, 2007: Linux + HDTV - HOWTO Build an OpenSource PVR(PLUG West@ Unisys in Malvern)

Previous by thread: RE: [PLUG] ssh brute force attacks & real time offending IP lists

Next by thread: RE: [PLUG] ssh brute force attacks & real time offending IP lists

Index(es):

Date

Thread