[BlueOnyx:05148] DFix update
Greg Kuhnert
gkuhnert at compassnetworks.com.au
Thu Jul 29 21:54:31 -05 2010
Over the last few days, I have noticed two events on my servers.
The first one relates to SMTP auth failures. For some reason, I was
getting absolutely hammered with SMTP auth failures. I dont know why,
but PAM_ABL was not kicking in on the failures. DFIX now picks up these,
and blocks someone trying to attack via SMTP auth.
The next was ssh attacks. We've all seen "Did not receive identification
string from" messages... Denyhosts picks these up, and successfully
blocks further attack. However, I've noticed that a lot of the
miscreants out there keep trying to connect resulting in a truckload of
"refused connect from" ssh log messages. DFIX now picks up the "refused
connect from" messages, and blocks the attacker. If someone is
determined, this will at least block them from getting in on another port.
I've done one other minor change. There is a new log level available,
and I have moved the famous non-ip target error message to this new log
level.
Regards,
Greg.
--
+---------------------------------------------------------------------+
| / \ Greg Kuhnert, gkuhnert at compassnetworks.com.au |
|< o> Compass Networks - Pointing you in the right direction |
| \ / Come see us for BlueQuartz / BlueOnyx modules& Support. |
+---------------------------------------------------------------------+
More information about the Blueonyx
mailing list