Login attacks
John Summerfield
debian at herakles.homelinux.org
Thu Dec 9 01:00:57 UTC 2004
On Thursday 09 December 2004 07:19, Kostas Sfakiotakis wrote:
> All I mean is that if someone just starts blocking entire ranges, then
> he might very well end up unable to surf half the Internet or even more.
> Is there a way to block, for example, the range from
> 64.0.0.1 to 64.0.0.25, leaving the other IPs free?
We are talking about blocking incoming connexions. This has no implications
for outgoing.
In considering your firewall settings, review what services you offer and to
whom.
At school we have web, incoming and outgoing mail (SMTP and IMAP). And SSH
and VPN.
Web is theoretically accessible to all.
Ditto incoming mail.
VPN connexions are only appropriate from our local area.
Boss travels the world and wants access to his mail; one way to ensure this is
to make IMAP accessible to all.
We'll assume nobody needs ssh connexions outside our area.
This clarifies what I can and cannot block: I can allow SSH for just our local
area, I can allow IMAP to our local area plus the areas the boss is likely to
visit, or a means for him to enable it remotely.
Note that if you're running your own mail service and have secondary MXes,
blocking selected areas with firewall rules is likely to be less effective
than you might expect; a significant amount of the spam that gets into my
setup does so through a designated MX.
I've recently created separate zones in my shorewall rules to be picky about
sources of ssh connexions and it's reduced the incidents of failed logins
significantly.
--
Cheers
John Summerfield
tourist pics: http://environmental.disaster.cds.merseine.nu/
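
Added example (not part of the original message, and not shorewall syntax): the per-service review of incoming sources described in the reply, together with the range from the quoted question split into exact CIDR blocks. The LOCAL_AREA and BOSS_TRAVEL networks are constructed placeholders, and the names POLICY, range_to_cidrs and is_allowed are hypothetical.

```python
import ipaddress

# Constructed placeholder networks (documentation ranges), not from the post.
LOCAL_AREA = [ipaddress.ip_network("192.0.2.0/24")]
BOSS_TRAVEL = [ipaddress.ip_network("198.51.100.0/24")]
ANYWHERE = [ipaddress.ip_network("0.0.0.0/0")]

# Service -> networks allowed to open INCOMING connections, per the review
# in the message: web and mail for everyone, IMAP for the local area plus
# the boss's destinations, SSH and VPN for the local area only.
POLICY = {
    "web": ANYWHERE,
    "smtp": ANYWHERE,
    "imap": LOCAL_AREA + BOSS_TRAVEL,
    "ssh": LOCAL_AREA,
    "vpn": LOCAL_AREA,
}


def range_to_cidrs(first, last):
    """Return the CIDR blocks that cover exactly first..last (inclusive)."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def is_allowed(service, source, blocked=()):
    """Decide an incoming connection: explicit blocks win over the allowlist."""
    addr = ipaddress.ip_address(source)
    if any(addr in net for net in blocked):
        return False
    return any(addr in net for net in POLICY[service])


if __name__ == "__main__":
    # The range from the quoted question, expressed without touching neighbours.
    blocked = range_to_cidrs("64.0.0.1", "64.0.0.25")
    print("blocked:", ", ".join(str(n) for n in blocked))
    for service, src in [("web", "64.0.0.25"), ("web", "64.0.0.26"),
                         ("ssh", "203.0.113.9"), ("imap", "198.51.100.7")]:
        verdict = "accept" if is_allowed(service, src, blocked) else "drop"
        print(f"{service:5} from {src:15} -> {verdict}")
```

Each resulting CIDR block can be used as a source in a firewall rule, and the decision only concerns incoming connections, so outgoing traffic to the blocked range is unaffected.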