[BlueOnyx:01030] Re: Brute Force DOS attacks

Paul pcr1066 at gmail.com
Thu Apr 9 05:49:08 -05 2009


> The simple answer is yes. But you need to be more specific as to what
> hardware you have, what kind of internet connection. If you don't want to
> broadcast that in the mailing list send email to amarentis at gmail.com

Andrew, I am not sure what information you would require regarding my
hardware. I am using an old Dell GX150 so that I can teach myself about
BlueOnyx before setting up a more dedicated server later in the year. As for
my internet connection, this is cable broadband (Virgin 50mb, the fastest
Britain can offer!) and again I am not sure what information you require.
Also I feel cheeky sending emails like this.

> DenyHosts
> http://denyhosts.sourceforge.net/

Chris, having looked at denyhosts I had noted that this was for ssh. I have
ssh so that it is only accessible through my local network. However, they
are trying to gain access through my webmail.

> I'm assuming a BlueOnyx box...
> Install dFix and DenyHost or Fail2Ban. Greg just posted the other day
> a wonderful tool. Here's his post in case you missed it:

Jeff, yes it is BlueOnyx which I love to bits! I had seen this post but
assumed it only applied to BlueLinQ. I will have another look later today
when I get home. Do I simply follow the instructions posted on the website
(http://www.compassnetworks.com.au/?page=newlinq)? Having looked at them
before I had assumed that you had to have BlueLinQ for the registration
part.

> It is OK to have your server do the firewall functionality, but I would not
> recommend it for a real solution. It is better to have that stuff detected
> before it gets to the servers. After the firewall is set up to detect and
> deal with the attack, then have the servers themselves protected from that
> type of attack, shut down if the server gets overloaded, rather than
> exploited. But it is just a suggestion.

Andrew, I am not sure what you are saying here. This is a home setup via a
router with a virtual server forwarding ports 80 and 25. Do you mean use
iptables so that an IP is blocked? On each occasion a different IP is being
used so really I need something that automatically adds the IP to the
iptables / deny.hosts.

> I use IPTABLES ipt_recent to handle brute force attacks on ssh, pop, and
> imap. ftp is a little more problematic but can be tuned for most legitimate
> clients.

Stephanie, I really need to look further at iptables. I am new to all this
and you must admit iptables can be a minefield for a beginner. I
unfortunately live in the UK (Manchester) and having tried every college in
my area, the only Linux they teach is how to install Ubuntu and even that is
using the automatic install, which I would not use. Nothing further as they
say that no one is interested in Linux! (Politics! Microsoft used to give
funding to our schools and said they would pull out if schools started using
Linux! Of course Microsoft have now pulled out anyway!)

I intend to spend the weekend looking at, and trying to understand iptables
further, so may come back with further questions.

Finally, may I say thank you to all who replied; it really shows the
"community spirit" and I hope I have not been too forward using first names.

Please reply to:

pcr1066 at gmail.com
