SMTP Attacks

Rick Stevens rstevens at vitalstream.com
Tue Oct 24 21:01:16 UTC 2006


On Tue, 2006-10-24 at 11:46 -0700, Harold Hallikainen wrote:
> > On Tue, Oct 24, 2006 at 10:43:37AM -0700, Rick Stevens wrote:
> >> I'm rather hesitant to post it publicly.  I can only say that these
> >> are the networks I've had the most trouble with and the ones that have
> >> ignored my requests to block such behavior.  I'm NOT condemning everyone
> >> on these networks, but there seems to be a lot of *ssholes on them.
> >>
> >> Ah, hell, I'll throw caution to the winds.  Here's the iptables rules
> >> I've developed:
> >>
> >> # Block traffic from known spam sources...
> >> -A INPUT -s 201.42/15 -p tcp -j DROP
> >
> > And in other news, Rick Stevens has been named as an additional
> > defendant in I360 Insight's lawsuit against The Spamhaus Project....
> >
> > :-)
> >
> >
> >> -A INPUT -s 200.176.112/21 -p tcp -j DROP
> >> -A INPUT -s 202.158.29.0/255.255.255.0 -p tcp -j DROP
> >> -A INPUT -s 203.228.187.0/255.255.255.0 -p tcp -j DROP
> >> -A INPUT -s 209.223.0.0/255.255.0.0 -p tcp -j DROP
> >> -A INPUT -s 218.0.0.0/255.0.0.0 -p tcp -j DROP
> >> -A INPUT -s 219.251.88.0/255.255.252.0 -p tcp -j DROP
> >
> >
> 
> I might mess around with another copy of the sshblack script and have it
> watch the mail logs and block IP addresses that appear to be attacking the
> server. I already have a copy watching the ssh log and another watching
> the httpd log.

There's a pretty cool iptables thing that will watch for X connections
from a specific IP in a given time period and will automatically block
that IP for some length of time.  See this link:

http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.16

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-     I was married by a judge.  I should have asked for a jury.     -
-                                                   -- Groucho Marx  -
----------------------------------------------------------------------
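The behaviour described in the message above (count connections per source IP over a time window, then block for a while), sketched as an added example that is not part of the original post. It assumes the netfilter `recent` match, which the post does not name; the list name `smtp_flood`, port 25, and the 10-connections-in-60-seconds threshold are constructed values.

```iptables
# Added example, same rule-file format as the rules quoted earlier in the thread.
# Only NEW connections to port 25 are counted; established sessions are not affected.

# 1. If this source already has 10 or more recorded attempts in the last
#    60 seconds, drop the packet. --update also refreshes the entry, so a
#    client that keeps hammering stays blocked until it has been quiet
#    long enough to fall back under the threshold.
-A INPUT -p tcp --dport 25 -m state --state NEW -m recent --name smtp_flood --rsource --update --seconds 60 --hitcount 10 -j DROP

# 2. Otherwise record this attempt against the source address and let it in.
-A INPUT -p tcp --dport 25 -m state --state NEW -m recent --name smtp_flood --rsource --set -j ACCEPT
```

Rule order matters: the check must come before the `--set` rule. Legitimate relays that deliver in bursts can trip a threshold like this, so known peers should be accepted by an earlier rule.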




More information about the Redhat-install-list mailing list