[BlueOnyx:04425] Re: can't stop this attack
Gerald Waugh
gwaugh at frontstreetnetworks.com
Fri May 7 07:59:23 -05 2010
On Fri, 2010-05-07 at 06:38 -0500, Gerald Waugh wrote:
> On Fri, 2010-05-07 at 19:31 +1000, Greg Kuhnert wrote:
>
> >
> > Let me ask you a question. Theoretically, pam_abl should block these
> > attacks automagically... What damage is the attack causing? Are you
> > concerned about load on your box, or about the possibility of a security
> > breach? If load is not a problem, just ignore it. pam_abl should keep em
> > out. If you are worried about load, give dfix a look. It will
> > dynamically create firewall rules to block these attacks... (This is
> > what I originally created it to do).
> >
> I do admin service on many systems, and have had dfix on a few.
> but there seemed to be a problem with blocking known good users.
> Not sure if it may be due to someone spoofing their IP.
> So we removed dfix from all.
>
> Gerald
More information about the Blueonyx
mailing list