Login attacks

Brian T. Brunner brian.t.brunner at gai-tronics.com
Wed Dec 8 15:39:40 UTC 2004


Isn't there a spammer database of dedicated spammer network 
addresses?  E.g. MAPS RBL. What's at hand is different: it isn't 
*mail* but *intrusion attempts* coming from an address that ought 
to get the address "RBL'd".

A mailing list that put out the "list of intruders as of today" 
could easily keep our lists automagically updated.  Transferring 
the list contents to iptables is a (non)trivial script (non-trivial for 
iptables-newbie me).

cf: Usenet Death Penalty in news.admin.net-abuse

Not a new concept, what is available?

Brian Brunner
brian.t.brunner at gai-tronics.com
(610)796-5838

>>> Gene Heskett <gene.heskett at verizon.net> 12/07/04 08:20PM >>>
On Tuesday 07 December 2004 17:46, Gerry Doris wrote:
>On Tue, 2004-12-07 at 15:24, Michael Yep wrote:
>> Hello
>>
>> In my LogWatch report I get many login attacks, many from the same
>> IP address.
>>
>> sshd:
>>     Authentication Failures:
>>        root (218.232.109.187): 59 Time(s)
>>        adm (218.232.109.187): 2 Time(s)
>>        apache (218.232.109.187): 1 Time(s)
>>        nobody (218.232.109.187): 1 Time(s)
>>        operator (218.232.109.187): 1 Time(s)
>>     Invalid Users:
>>        Unknown Account: 43 Time(s)
>>
>> I have permitRootLogin set to NO, and I use strong passwords, but
>> can I just add these IP addresses to hosts.deny?
>> And if so, how would I set that up?
>>
>>
>>
>> Michael Yep
>> Development / Technical Operations
>> RemoteLink, Inc.
>
>I had so many problems with the 218.0.0.0/24 domain that I totally
>blocked the entire domain.  I believe this domain is in Korea.
>
>--
>Gerry Doris <gdoris at rogers.com>

Another that bears blocking completely is 64.0.0.0/24 as it's 100%
spam of the non-edible variety.  Ditto for 66.0.0.0/24.

Anybody else have any more to contribute?

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.30% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2004 by Maurice Eugene Heskett, all rights reserved.

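The hosts.deny question and the list-to-iptables script raised in this thread, sketched as an added example that is not part of the original messages: it parses a LogWatch sshd section like the one quoted above, totals failures per source, and emits per-address hosts.deny entries and iptables rules. The function names, the threshold of 10, the allowlisted networks and SSH on port 22 are assumptions, and the report text is constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the LogWatch sshd layout quoted in the thread.
SAMPLE_REPORT = """\
sshd:
    Authentication Failures:
       root (218.232.109.187): 59 Time(s)
       adm (218.232.109.187): 2 Time(s)
       root (192.0.2.10): 3 Time(s)
       root (10.0.0.5): 40 Time(s)
       root (2001:db8::7): 25 Time(s)
       root (218.232.109.300): 80 Time(s)
    Invalid Users:
       Unknown Account: 43 Time(s)
"""

ENTRY = re.compile(r"^\s*\S+ \(([^)]+)\): (\d+) Time\(s\)\s*$")

def failures_by_source(report):
    """Sum failed logins per source, skipping anything that is not a literal IP."""
    counts = Counter()
    for line in report.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        try:
            # The logged source is untrusted text; only parsed addresses go on.
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        counts[ip] += int(m.group(2))
    return counts

def block_list(report, threshold=10, allow=("127.0.0.0/8", "10.0.0.0/8")):
    """Addresses at or above the threshold that are outside every allowed network."""
    nets = [ipaddress.ip_network(n) for n in allow]
    hits = [ip for ip, n in failures_by_source(report).items()
            if n >= threshold and not any(ip in net for net in nets)]
    return sorted(hits, key=lambda ip: (ip.version, int(ip)))

def hosts_deny_lines(ips):
    """tcp_wrappers entries; IPv6 literals are bracketed in hosts.deny."""
    return [f"sshd: [{ip}]" if ip.version == 6 else f"sshd: {ip}" for ip in ips]

def iptables_rules(ips):
    """One DROP rule per address for TCP port 22, with ip6tables for IPv6."""
    return [f"{'ip6tables' if ip.version == 6 else 'iptables'} -A INPUT "
            f"-s {ip} -p tcp --dport 22 -j DROP" for ip in ips]
```

The allowlist is what keeps a mistyped password from an internal host, or your own management address, from ending up in the generated rules.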