similar to: Iptables configuration to handle brute, force registrations?

On 04/05/2011 03:06 PM, asterisk-users-request at lists.digium.com wrote: > Message: 12 > Date: Tue, 5 Apr 2011 13:36:21 -0500 > From: Sherwood McGowan<sherwood.mcgowan at gmail.com> > Subject: Re: [asterisk-users] Iptables configuration to handle brute, > force registrations? > To: Asterisk Users Mailing List - Non-Commercial Discussion > <asterisk-users at

I added these rules to IPTABLES to slow brute force attacks. iptables -A INPUT -p tcp --dport 22 -s my_subnet/24 -j ACCEPT iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH -j DROP I would like log entries when connections are dropped to see

Hello, all. I read this document about iptables recent module. http://blog.andrew.net.au/2005/02/16#ipt_recent_and_ssh_attacks and I would like to filter the excessive spam mail sending ip address by iptables recent module. and some questions. iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SPAM iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m

Hello All, I had problems with the security server, the server is frequently attacked using bruteforce attacks. Is there an application that can perform automatic blocking when there are failed login to the ports smtp, pop3 port, and others? I am currently using CentOS 5.5 in some servers Thanks in advanced....... -- -- Best regards, David http://blog.pnyet.web.id -------------- next part

I was wondering if anyone had implemented rules like this in shorewall: http://blog.andrew.net.au/tech I see tons of brute force attempts on the machines I administer, and I like the idea of limiting them without the need for extra daemons scanning for attacks. Thanks, Dale -- Dale E. Martin - dale@the-martins.org http://the-martins.org/~dmartin

Over the last two weeks, we have had at least two "incidents" where our asterisk server got flooded (a hundred or more per second) by SIP packets. Once from 114.31.50.10, second time from 173.212.200.146. We became aware of the problem when bandwidth started suffering because asterisk got very busy sending back replies or rejects (dunno which, I didn't investigate it any further).

I ask because I only receive attacks when I activate icecast. I can not do anything at the application level ?. i used ubuntu server 16.04. thanks. 2018-06-05 14:52 GMT-05:00 Alejandro Flores <alex at mordormx.net>: > I think you should contact to your connectivity provider, hopefully they > can provide you the Anti DDOS protection. > > > On Tue, Jun 5, 2018 at 2:16 PM,

Anyone know how to obtain firmware and starter .cfg files for Polycom phones? Despite registering at the Polycom web site, I can't locate this stuff.

This was sent to me regarding the wiki. ---------- Forwarded message ---------- From: "Martin Kon??ek" <mkonicek12 at gmail.com> Date: Mar 7, 2013 4:44 AM Subject: mistake on Securing SSH To: <timothy.ty.lee at gmail.com> Cc: Hi TImothy, I saw wiki http://wiki.centos.org/HowTos/Network/SecuringSSH and it is pretty good, but there is a mistake. *Instead of having* iptables

just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have attempted to ssh'd to using weird names like admin,appuser,nobody,etc.... None of these are valid users. I know that I can block sshd all together with iptables but that will not work for us. I did a little research on google and found programs like sshguard and

Dear CentOS Community Is totally clear there's no support sendmail platform today, but I need to stop SMTP brute-force attack on sendmail. My server is attacked today, my maillog look like : 4624 at myserver.com>, proto=ESMTP, daemon=MTA, relay=myserver.com [127.0.0.1] Jun 14 19:07:01 at6412 sendmail[24627]: q5EN71jC024627: from=<>, size=3958, class=0, nrcpts=1,

Just curious... Is there anyone out there who has given this outfit money and actually received any service from them?

So I setup ssh on a server so I could do some work from home and I think the second I opened it every sorry monkey from around the world has been trying every account name imaginable to get into the system. What's a good way to deal with this?

Hello, I have well performing iptables in centos 5.2 and 5.3 : -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 25 -j LOG --log-prefix "FW DROP IP Flood: " Centos 5.5, updated today: Without -hitcount : iptables accept the line Including -hitcount : iptables brings an error message: Applying iptables firewall rules: iptables-restore:

Is there a convenient way to limit the number of call files (outgoing directory) that are processed concurrently? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3234 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.digium.com/pipermail/asterisk-users/attachments/20090226/a46e68fa/attachment.bin

I have a Vitelity DID which generally works, but calls from a particular caller do not reach it. Vitelity has thus far disavowed any responsibility for working through this problem. I recognize that some action might be required by another provider which is outside Vitelity's control, but it seems that they should at least be trying to help resolve the problem by helping me determine

I recently sent this email to a user in response to a problem report of phone calls going to voicemail without the phone ringing. I'm wondering if I've covered all bases, or whether there is some logical explanation I haven't considered, and generally what others' opinions/experiences are that relate. This is an Asterisk system, of course. ------- I looked at the server logs

Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: sshd: Authentication Failures: unknown

Hi, I just migrated my office's server from Slackware64 14.1 to CentOS 7. So far everything's running fine, I just have a few minor details to work out. I removed the firewalld package and replaced it by a simple Iptables script: --8<---------------------------------------------------- #!/bin/sh # # firewall-lan.sh IPT=$(which iptables) MOD=$(which modprobe) SYS=$(which sysctl)

On Thu, 11 Apr 2019 at 13:24, Marc Roos via dovecot <dovecot at dovecot.org> wrote: > > > Say for instance you have some one trying to constantly access an > account > > > Has any of you made something creative like this: > > * configure that account to allow to login with any password > * link that account to something like /dev/zero that generates infinite