similar to: Defending againts simultanious attacks

Hi, Sory to bother you with my new-user questions. i've got one redhat 9 box, acting as email server using sendmail. it use local /etc/passwd. last week i've just finished setting up a server, centos 4.4 as a replacement mail server for the red hat 9. i mainly refereing the tutorial at http://www.howtoforge.com/virtual_users_postfix_courier_mailscanner_clamav_centos. with some

Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: sshd: Authentication Failures: unknown

Hello, What is the best way to protect multiuser systems from brute force attacks? I am setting up a relatively loose DenyHosts policy, but I like the idea of locking an account for a time if too many attempts are made, but to balance this with keeping the user from making a helpdesk call. What are some policies/techniques that have worked for this list with minimal hassle? Thanks! -Eugene

I have enabled the feature in sendmail.mc to check with spamhaus for spammers. However since this block is being made at MTA level, I would like to know is something can be done to obtain statistics of blocked attemps. thanks -- ------------------------------------------------------------ Erick Perez Panama Sistemas Integradores de Telefonia IP y Soluciones Para Centros de Datos Panama,

I'm looking for a way to deny access to dovecot from certain IP addresses, basically to help prevent brute force attacks on the server. Right now I'm using denyhosts which scans /var/log/secure for authentication failures which then can add an entry to /etc/hosts.deny, but since dovecot doesn't have tcp wrappers support, that doesn't do anything. It doesn't look like I can

I'd like to see a feature of the commercial ssh in openssh: AllowHosts xxx.yyy.xxx.yyy *.domain.net DenyHosts xxx.yyy.xxx.* name.domain.net This allows or denies connects from certain machines (including wildcard matching). Is there any chance for this feature to be included? No, we don't want to use tcp-wrapper for this. Bye.

Hey All, Our upstream provider requires the use of H323 and after several months (6!) of having problems with OH323 I've decided it might be worth biting the bullet and getting a cisco device that can gateway up to approximately 50 calls from SIP to H323. Would a 2500 or 2600 series do the job? Once we get to the point of 50 simultaneous calls hopefully we'll be able to get something

Hi, I just set up a web server... and my bandwidth is being eaten by some chinese folks trying to brute-force-ssh their way into the machine. Is there a simple way to banish either single IP addresses or, maybe even better, whole IP classes ? I know it's feasible with iptables, but is there something more easily configurable ? Cheers, Niki

Hi, i would like to know if anybody have implemented the authentication of dovecot against samba4 via secure ldap (SSL/TLS). I made it but in plain text through dovecot?s offical page: http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds http://wiki2.dovecot.org/AuthDatabase/LDAP But when i try to do it in a secure way i can?t make it work. Samba4 is listening by port 636 and dovecot is speaking

Hi, i would like to know if anybody have implemented the authentication of dovecot against samba4 via secure ldap (SSL/TLS). I made it but in plain text through dovecot?s offical page: http://wiki2.dovecot.org/AuthDatabase/LDAP/AuthBinds http://wiki2.dovecot.org/AuthDatabase/LDAP But when i try to do it in a secure way i can?t make it work. Samba4 is listening by port 636 and dovecot is speaking

> On 05 Mar 2015, at 10:45, Rowland Penny <rowlandpenny at googlemail.com> wrote: > > On 03/03/15 09:56, Izan D?ez S?nchez wrote: >> Hi again. I apologize for my vague previous question. After some investigation I can be much more precise in my consult. Furthermore, I think I found a bug? >> ... >> >> User "ids" is requesting a ticket to connect

On 05/03/15 15:23, Izan D?ezS?nchez wrote: > > > schnaggy <schnaggy <at> schnaggy.de> writes: > >> >>> On 05 Mar 2015, at 10:45, Rowland Penny <rowlandpenny <at> > googlemail.com> wrote: >>> On 03/03/15 09:56, Izan D?ez S?nchez wrote: >>>> Hi again. I apologize for my vague previous question. After some > investigation I

Hello: I have been looking into projects that will automatically restrict hacking attempts on my servers running CentOS 5. I think the two top contenders are: DenyHosts - http://denyhosts.sourceforge.net Fail2ban - http://www.fail2ban.org >From what I see, DenyHosts only blocks based on failed SSH attempts whereas Fail2ban blocks failed attempts for other access as well. The main benefit

Hello, I have been on a dynamic ip for about 5 years and have just upgraded to a static ip. I know I need to change my network setup on my eth0 nic to static and stop ddclient from trying to update my address but is there _really_ anything else I need to change. I have a couple of websites on this address using *:80 in my httpd.conf. I can easily change this but don't think it would really

Does anyone have a script that will notice a Rumplestiltskin type spam attack (where they try every name possible) and drop the sending into a block list? -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 UK 44.207.183.0271 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com -- This message has been scanned for viruses and

Hi, after reading the docs (no man page) and seeing a few example howtos, I see none for Centos specifically. I hereby offer to write this and even host it, and any other wiki-able howto you want, if you can school me on the first few steps relevant to how to link up the current rpmforge rpm for RHEL4-64. See, right now, the one for centos loads into the /usr/share/doc, which is an odd place

schnaggy <schnaggy <at> schnaggy.de> writes: > > > > On 05 Mar 2015, at 10:45, Rowland Penny <rowlandpenny <at> googlemail.com> wrote: > > > > On 03/03/15 09:56, Izan D?ez S?nchez wrote: > >> Hi again. I apologize for my vague previous question. After some investigation I can be much more precise > in my consult. Furthermore, I

Is anyone using asterisk with fail2ban? I have it working except it takes way more break-in attempts than what is set in "maxretry" in jail.conf For example, I get an email saying: "The IP 199.204.45.19 has just been banned by Fail2Ban after 181 attempts against ASTERISK." when "maxretry = 5" in jail.conf Perhaps someone else is experiencing this or has resolved it,

Hello, I've installed denyhosts on centos 5.3 trying to block automated attacks on ssh. It appears to be working in that entries are being added to /etc/hosts.deny yet the daily emails sent from denyhosts show only one ip being added perday when the total is many more than that. My config is below, i've gone over it and am not seeing what i missed. Suggestions welcome. I was also

Hi again. I apologize for my vague previous question. After some investigation I can be much more precise in my consult. Furthermore, I think I found a bug... Context: -Samba4 AD DC working fine with many user and machine accouns. -Windows7 client trying to connect via sqlplus to an oracle database residing in a Windows2008 server. Both machines are in the domain. -Server database is using