SMTP Attacks
2006-10-24 - By Rick Stevens
On Tue, 2006-10-24 at 11:46 -0700, Harold Hallikainen wrote:
> > On Tue, Oct 24, 2006 at 10:43:37AM -0700, Rick Stevens wrote:
> >> I'm rather hesitant to post it publicly. I can only say that these
> >> are the networks I've had the most trouble with and the ones that have
> >> ignored my requests to block such behavior. I'm NOT condemning everyone
> >> on these networks, but there seems to be a lot of *ssholes on them.
> >>
> >> Ah, hell, I'll throw caution to the winds. Here's the iptables rules
> >> I've developed:
> >>
> >> # Block traffic from known spam sources...
> >> -A INPUT -s 201.42/15 -p tcp -j DROP
> >
> > And in other news, Rick Stevens has been named as an additional
> > defendant in I360 Insight's lawsuit against The Spamhaus Project....
> >
> > :-)
> >
> >
> >> -A INPUT -s 200.176.112/21 -p tcp -j DROP
> >> -A INPUT -s 202.158.29.0/255.255.255.0 -p tcp -j DROP
> >> -A INPUT -s 203.228.187.0/255.255.255.0 -p tcp -j DROP
> >> -A INPUT -s 209.223.0.0/255.255.0.0 -p tcp -j DROP
> >> -A INPUT -s 218.0.0.0/255.0.0.0 -p tcp -j DROP
> >> -A INPUT -s 219.251.88.0/255.255.252.0 -p tcp -j DROP
> >
> >
>
> I might mess around with another copy of the sshblack script and have it
> watch the mail logs and block IP addresses that appear to be attacking the
> server. I already have a copy watching the ssh log and another watching
> the httpd log.
There's a pretty cool iptables thing that will watch for X connections from a specific IP in a given time period and will automatically block that IP for some length of time. See this link:
http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.16
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens@(protected)     -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-    I was married by a judge.  I should have asked for a jury.      -
-                                   -- Groucho Marx                  -
----------------------------------------------------------------------
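The per-source connection limiting described in the message above, as an added example that is not part of the original post or the linked HOWTO: a shell function that prints rules for the iptables `recent` match in the same `-A INPUT` form as the quoted ruleset. The list name `SMTPFLOOD`, port 25 and the 10-in-60-seconds limit are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): emit iptables-restore lines that
# rate-limit new SMTP connections per source address with the "recent" match.
# Assumed for illustration: list name SMTPFLOOD, TCP port 25, default limits.

# smtp_recent_rules HITCOUNT SECONDS
# Prints two rule lines on stdout; returns 1 (message on stderr) on bad input.
smtp_recent_rules() {
    hits=$1
    secs=$2
    for v in "$hits" "$secs"; do
        case "$v" in
            ''|*[!0-9]*) echo "arguments must be positive integers" >&2; return 1 ;;
        esac
        [ "$v" -ge 1 ] || { echo "arguments must be >= 1" >&2; return 1; }
    done
    # The recent module keeps only ip_pkt_list_tot timestamps per address
    # (module default 20); a rule with a larger --hitcount fails to load
    # unless that module parameter has been raised.
    if [ "$hits" -gt 20 ]; then
        echo "hitcount $hits exceeds default ip_pkt_list_tot (20)" >&2
        return 1
    fi
    # Line 1: record every new connection's source address in the list.
    # Line 2: drop a source that has at least HITCOUNT recorded connections
    #         in the last SECONDS; --update also refreshes its timestamp, so
    #         the block persists for as long as the source keeps retrying.
    cat <<EOF
-A INPUT -p tcp --dport 25 -m state --state NEW -m recent --name SMTPFLOOD --set
-A INPUT -p tcp --dport 25 -m state --state NEW -m recent --name SMTPFLOOD --update --seconds $secs --hitcount $hits -j DROP
EOF
}

# Demonstration: 10 new connections within 60 seconds triggers the drop.
smtp_recent_rules 10 60
```

Place the emitted lines ahead of any rule that accepts port 25, since iptables stops at the first terminating match.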