Need help!
Frank Wiles
frank at wiles.org
Sun May 1 18:03:26 CDT 2005
On Sat, 30 Apr 2005 21:52:02 -0700 (PDT)
Jack <quiet_celt at yahoo.com> wrote:
> I would like to add a secondary MX box. It's on my
> wish list. However, I don't see how that would make it
> a non-issue. If I take one box down, then the second
> one would become the attack target. I'm looking for
> solution to reduce the attacks. The box is a "busy
> box", that is running several services. It runs the
> firewall, webserver, mail server and of course is also
> hosting ssh access. The primary attack is focused on
> the sshd. The system is running stable with one or two
> services apt-pinned to testing and has the latest
> patches. I've analysed the system remotely a little
> and didn't see any indications of the system actually
> getting cracked. I'm primarily looking for techniques
> and suggesstions on ways to further lock out these
> crackers, without bogging down the box. Also on the
> remote checking of the system, what are some favorite
> tools for this?
The best way to lock out these attackers is to simply use
iptables to block their IPs from accessing your system. It
doesn't prevent a DoS on your available bandwidth, but it keeps
them from bugging your system. I'm not sure why this hasn't
been suggested before.
---------------------------------
Frank Wiles <frank at wiles.org>
http://www.wiles.org
---------------------------------
More information about the Kclug
mailing list