Displaying 15 results from an estimated 15 matches for "forcers".
2006 Nov 16
0
Re: IPTables Blocking Brute Forcers
...resses all together, or
just ban certain services.
-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
Behalf Of Brian Marshall
Sent: Thursday, November 16, 2006 9:33 AM
To: CentOS mailing list
Subject: Re: [CentOS] Re: IPTables Blocking Brute Forcers
Sweeeet!
I'll give it a shot.
Thanks Mike.
> From: <mike.redan at bell.ca>
> Reply-To: CentOS mailing list <centos at centos.org>
> Date: Thu, 16 Nov 2006 12:18:00 -0500
> To: <centos at centos.org>
> Conversation: [CentOS] Re: IPTables Blocking Brute Force...
2006 Nov 21
0
Re: IPTables Blocking Brute Forcers
On 07:09, Fri 17 Nov 06, Sudev Barar wrote:
> >You can use IPTables to limit the rate of connections. I allow only 2
> >connections from a given IP address within each 3 minute period.
> >
> >I know this is sloppy and lazy but can you post your iptables line
> >that does this?
>
>
> # Don't have a limit on my_trusted_domain
> iptables -A INPUT -p tcp
2011 Nov 30
12
duqu
There's an article on slashdot about the Duqu team wiping all their
intermediary c&c servers on 20 Oct. Interestingly, the report says that
they were all (?) not only linux, but CentOS. There's a suggestion of a
zero-day exploit in openssh-4.3, but both the original article, and
Kaspersky labs (who have a *very* interesting post of the story) consider
that highly unlikely, and the
1998 Jul 09
4
What is someone looking for??
I am currently blocking out netbios UDP port 137 on my firewall and was
wondering what the following means in terms of security:
Jul 9 16:19:05 oscar kernel: IP fw-in rej eth0 UDP SOMEONES_IP:137
MY_IP:137 L=78 S=0x00 I=46484 F=0x0000 T=111
I have gotten a few 100 of these and was wondering if there are some
vulnerabilities related to netbios out there?? What do the S/I/F/L fields
stand for?? I
2017 Jul 18
1
under some kind of attack
...e=1800
>
> However, it seems almost all IPs are different, and I don't think I can
> keep the above settings permanently.
Why not? Limited by firewall rules overload? You could probably use
a persistent DB, can't you?
You can also use a third party RBL that specialized in brute forcers like
blocklist.de. You can also feed back fail2ban data and crowdsource BFD
data to them.
Joseph Tam <jtam.home at gmail.com>
2007 Nov 22
1
Toll fraud detection/password script
So I was bored yesterday and tried solving a few
problems with one stone:
1) Notify me of potential brute forcers (multiple attempts
to register multiple numbers from one address)
2) Notify me of (l)users who are having password issues
So I whipped up a simple script to run in cron and
notify me that UserX from X_IP_Space had X amount of
password issues. I'm currently running this from
cron and it works fi...
2013 Jul 03
4
dnsbl feature for dovecot
dnsbl's are a popular method to prevent listed ips from making
connections to mta software.
cf. postscreen_dnsbl_sites in postfix
Would it be possible to introduce such a feature in dovecot, so that
connections can be denied
based on a dnsbl lookup (where the precise dnsbls used are configurable)?
John
2007 Apr 26
1
Asterisk brute force watcher (was FYI)
...very high
> > termination rates. How does $25 per minute sound?
> >
> > Thanks,
> > Steve Totaro
> > http://www.asteriskhelpdesk.com
> > KB3OPB
>
> Ashtray is an Asterisk brute force watcher. Checks logs from cron and
> emails admin of potential brute forcers
> http://www.infiltrated.net/scripts/ashtray
>
> Can have it set in .bash_profile so whenever you log on, you'd see
> anomalies.
>
> --
> ====================================================
> J. Oquendo
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383...
2017 Jul 19
0
under some kind of attack
...I have increased it to two.
A timeout feature is handy here; even though you allow attackers several
kicks at the can, it will allow your users to eventually gain control
to their accounts again after a suitable penalty period.
>> You can also use a third party RBL that specialized in brute forcers like
>> blocklist.de. You can also feed back fail2ban data and crowdsource BFD
>> data to them.
>
> Yes, I will look into that now.
> ...
>
> Anyone aware of other blocklists that are worth blocking? Because the
> list.blocklist.de/lists/all.txt blocks some, but not an...
2017 Jul 25
0
under another kind of attack
...il2ban
to implement some of these things.)
There are other solutions like alternate ports, port knocking, certificate
authentication, or VPN, but they are hard/impossible to do with a large
userbase, or have high setup/amortization costs.
If you have an enforced strong password policy, these brute forcers have
little chance of succeeding, so maybe the easiest cheapest policy is to
ignore it.
Joseph Tam <jtam.home at gmail.com>
2012 Jan 01
11
an actual hacked machine, in a preserved state
(Sorry, third time -- last one, promise, just giving it a subject line!)
OK, a second machine hosted at the same hosting company has also apparently
been hacked. Since 2 out of 3 machines hosted at that company have now
been hacked, but this hasn't happened to any of the other 37 dedicated
servers that I've got hosted at other hosting companies (also CentOS, same
version or almost),
2012 Jun 01
3
auth trouble
Debian Lenny, Dovecot v 1.0.15.
I'm getting a lot of what I think is a local socket asking
dovecot:auth to verify username/passwords:
> May 31 09:00:54 server dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=admin rhost=
Note the empty 'rhost='. That's why I think it's on the
server. I see others that look like bots:
2020 Apr 30
2
dreplsrv memory
Hi !
Since few months, dreplsrv is eating lots of memory in few days. Within 2 weeks, the process is generally OOM killed and replication becomes weird. I need to restart samba-ad-dc.
Here is my config :
- Samba 4.11.6 / 4 vcpu / 2Go Ram
- 10215 objects (ldbs file = 300MB)
This memory problem only happens on my headbridge DC (star topology with 20 DC)
If I add some ram, the
2008 Apr 15
0
login ldap pdc
Hello,
I install samba-ldap-pdc on a ubuntu.
I join well the domain with root user, but when I restart, root or user
login don't work.
I can access to share via network with root or user login.
when I try under winXP pro to change security of a file, I can't access to
server user list : "bad user or passwd"
I've no error in log.smbd or debug
my smb.conf
[global]
smb ports
2007 May 09
6
List of telemarketers??
Does anyone know if there is a known list of telemarketers?
Something like http://whocalled.us/ with an easier access?
We could all benefit if there was such a thing :-)
If there is enough interest, I could put up a database that everyone can
benefit from.
I just need some suggestions on:
(1) Adding new numbers based on community responses (some rule to sanity
check)
(2) Method that everyone