[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Login attacks



On Wednesday 08 December 2004 13:54, HaJo Schatz wrote:
>On Thu, 2004-12-09 at 02:02, Randy Kelsoe wrote:
>> Serge de Souza wrote:
>> > Gerry Doris wrote:
>> >  > I had so many problems with the 218.0.0.0/24 domain that I
>> >  > totally
>> >>
>> >> blocked the entire domain.  I believe this domain is in Korea.
>
>Again missed an OP, maybe I should filter out any mail which
> contains the string "FC3" ;-)
>
>Most of these login-attempts originate from a WIN-Virus, Ie the
> attacks come from dial-up accounts of unsuspecting users. You're
> eventually blacklisting the whole internet if you continue that ;-)

OTOH, if such an address drops into my personal back hole with such a
rule, I'm the only one that loses if the perp cleans up his machine
and eventually becomes a good netizen.  I probably should not have my
nose so high that everyone can check the grooming from 10 paces, but
to me an infected winderz box should have the net cable cut with a
sharp pair of diagonals and not allow the cable to be repaired
until they have installed a secure os.  Winderz ain't it...  But,
thats just me, who is tired of all the viri they crank out by the
terrabyte on any given day.

I currently review the JunqueMail folder a couple of times a day so I
can train SA to do a better job.

>Go back in the archives, it was discussed about a month ago that it
>might make sense to temporarily (for some hours) block the IPs in
>question. After implementing a temporary block, my logs now show
> that the attackers fall into the trap (by trying root/pw), get
> rejected a few times on further attempts and do not come back after
> that.

>Besides -- I guess this method would even work for a real, human
>attacker. There are enough machines out there which justify *not* to
>wait for 5 hours to continue a brute-force attack.
>
>HaJo Schatz <hajo hajo net>

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.30% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2004 by Maurice Eugene Heskett, all rights reserved.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]