Displaying 15 results from an estimated 15 matches for "forcer".
2006 Nov 16
0
Re: IPTables Blocking Brute Forcers
...resses all together, or
just ban certain services.
-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
Behalf Of Brian Marshall
Sent: Thursday, November 16, 2006 9:33 AM
To: CentOS mailing list
Subject: Re: [CentOS] Re: IPTables Blocking Brute Forcers
Sweeeet!
I'll give it a shot.
Thanks Mike.
> From: <mike.redan at bell.ca>
> Reply-To: CentOS mailing list <centos at centos.org>
> Date: Thu, 16 Nov 2006 12:18:00 -0500
> To: <centos at centos.org>
> Conversation: [CentOS] Re: IPTables Blocking Brute Forc...
2006 Nov 21
0
Re: IPTables Blocking Brute Forcers
On 07:09, Fri 17 Nov 06, Sudev Barar wrote:
> >You can use IPTables to limit the rate of connections. I allow only 2
> >connections from a given IP address within each 3 minute period.
> >
> >I know this is sloppy and lazy but can you post your iptables line
> >that does this?
>
>
> # Don't have a limit on my_trusted_domain
> iptables -A INPUT -p tcp
2011 Nov 30
12
duqu
There's an article on slashdot about the Duqu team wiping all their
intermediary c&c servers on 20 Oct. Interestingly, the report says that
they were all (?) not only linux, but CentOS. There's a suggestion of a
zero-day exploit in openssh-4.3, but both the original article, and
Kaspersky labs (who have a *very* interesting post of the story) consider
that highly unlikely, and the
1998 Jul 09
4
What is someone looking for??
I am currently blocking out netbios UDP port 137 on my firewall and was
wondering what the following means in terms of security:
Jul 9 16:19:05 oscar kernel: IP fw-in rej eth0 UDP SOMEONES_IP:137
MY_IP:137 L=78 S=0x00 I=46484 F=0x0000 T=111
I have gotten a few 100 of these and was wondering if there are some
vulnerabilities related to netbios out there?? What do the S/I/F/L fields
stand for?? I
2017 Jul 18
1
under some kind of attack
...e=1800
>
> However, it seems almost all IPs are different, and I don't think I can
> keep the above settings permanently.
Why not? Limited by firewall rules overload? You could probably use
a persistent DB, can't you?
You can also use a third party RBL that specialized in brute forcers like
blocklist.de. You can also feed back fail2ban data and crowdsource BFD
data to them.
Joseph Tam <jtam.home at gmail.com>
2007 Nov 22
1
Toll fraud detection/password script
So I was bored yesterday and tried solving a few
problems with one stone:
1) Notify me of potential brute forcers (multiple attempts
to register multiple numbers from one address)
2) Notify me of (l)users who are having password issues
So I whipped up a simple script to run in cron and
notify me that UserX from X_IP_Space had X amount of
password issues. I'm currently running this from
cron and it works f...
2013 Jul 03
4
dnsbl feature for dovecot
dnsbl's are a popular method to prevent listed ips from making
connections to mta software.
cf. postscreen_dnsbl_sites in postfix
Would it be possible to introduce such a feature in dovecot, so that
connections can be denied
based on a dnsbl lookup (where the precise dnsbls used are configurable)?
John
2007 Apr 26
1
Asterisk brute force watcher (was FYI)
...very high
> > termination rates. How does $25 per minute sound?
> >
> > Thanks,
> > Steve Totaro
> > http://www.asteriskhelpdesk.com
> > KB3OPB
>
> Ashtray is an Asterisk brute force watcher. Checks logs from cron and
> emails admin of potential brute forcers
> http://www.infiltrated.net/scripts/ashtray
>
> Can have it set in .bash_profile so whenever you log on, you'd see
> anomalies.
>
> --
> ====================================================
> J. Oquendo
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x138...
2017 Jul 19
0
under some kind of attack
...I have increased it to two.
A timeout feature is handy here; even though you allow attackers several
kicks at the can, it will allow your users to eventually gain control
to their accounts again after a suitable penalty period.
>> You can also use a third party RBL that specialized in brute forcers like
>> blocklist.de. You can also feed back fail2ban data and crowdsource BFD
>> data to them.
>
> Yes, I will look into that now.
> ...
>
> Anyone aware of other blocklists that are worth blocking? Because the
> list.blocklist.de/lists/all.txt blocks some, but not a...
2017 Jul 25
0
under another kind of attack
...il2ban
to implement some of these things.)
There are other solutions like alternate ports, port knocking, certificate
authentication, or VPN, but they are hard/impossible to do with a large
userbase, or have high setup/amortization costs.
If you have an enforced strong password policy, these brute forcers have
little chance of succeeding, so maybe the easiest cheapest policy is to
ignore it.
Joseph Tam <jtam.home at gmail.com>
2012 Jan 01
11
an actual hacked machine, in a preserved state
(Sorry, third time -- last one, promise, just giving it a subject line!)
OK, a second machine hosted at the same hosting company has also apparently
been hacked. Since 2 out of 3 machines hosted at that company have now
been hacked, but this hasn't happened to any of the other 37 dedicated
servers that I've got hosted at other hosting companies (also CentOS, same
version or almost),
2012 Jun 01
3
auth trouble
Debian Lenny, Dovecot v 1.0.15.
I'm getting a lot of what I think is a local socket asking
dovecot:auth to verify username/passwords:
> May 31 09:00:54 server dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=admin rhost=
Note the empty 'rhost='. That's why I think it's on the
server. I see others that look like bots:
2020 Apr 30
2
dreplsrv memory
...rt samba service every week.
Example:
My headbridge DC was restarted 3 days ago and, at start, total RAM usage was 600MB.
One day later, it began to swap.
Now, today, my swap is pretty full (624M/1024M)
On htop:
Samba : task[drepl] pre-fork master -> VIRT = 1789M / RES = 907M / MEM%=50
I will be forced to restart samba-ad-dc in a few days, in order to release RAM usage
Can you help me to troubleshoot this problem?
Thank you so much
Best regards
2008 Apr 15
0
login ldap pdc
...MAILAN.LOCAL
netbios name = authlan
server string = Samba-LDAP PDC Server
domain master = Yes
local master = Yes
domain logons = Yes
os level = 64
security = milan.local
preferred master = Yes
#unix password sync = Yes
#passwd program = /usr/sbin/smbldap-passwd -u %u
# the option below forces a new password at first login
#passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new
password*" %n\n"
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,dc=mailan,dc=local
ldap suffix = dc=mailan,dc...
2007 May 09
6
List of telemarketers??
Does anyone know if there is a known list of telemarketers?
Something like http://whocalled.us/ with an easier access?
We could all benefit if there was such a thing :-)
If there is enough interest, I could put up a database that everyone can
benefit from.
I just need some suggestions on:
(1) Adding new numbers based on community responses (some rule to sanity
check)
(2) Method that everyone