Hi,

Has anyone on this list found the necessity to log/monitor brute force activity on dom0? I just noticed that looks like it might be a DoS but was not monitoring so need to install something, what are you currently using?

Thanks in advance,
Randy

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

On 03/08/2011 10:40 AM, Randy Katz wrote:
> Hi,
>
> Has anyone on this list found the necessity to log/monitor brute force
> activity on dom0? I just noticed that looks like it might be a DoS but
> was not monitoring so need to install something, what are you currently
> using?
>
> Thanks in advance,
> Randy

I'm just using iptables on the Dom0 and blocking all traffic except from my local net. There's no point in allowing any traffic to Dom0 except what you need for management.

--
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 231
Mobile 308-380-7957

On 03/08/2011 10:40 AM, Randy Katz wrote:
> Hi,
>
> Has anyone on this list found the necessity to log/monitor brute force
> activity on dom0? I just noticed that looks like it might be a DoS but
> was not monitoring so need to install something, what are you currently
> using?
>
> Thanks in advance,
> Randy

We just use iptables to restrict all traffic except our local network to the Dom0. You should only allow management IP's to the Dom0, and that keeps it mostly pristine. The DomU's are another story, but we use service based iptables rules for those, and only allow public services to the world. In addition, we use ossec-hids reporting for attack vectors on our other servers and a 1-strike rule for the IP's that are using attack vectors against us.

--
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 231
Mobile 308-380-7957
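
The approach in the replies above (dom0 reachable only from the management network) can be written as an iptables-restore ruleset. This is an added example, not a configuration posted by anyone in the thread; the function name `dom0_ruleset`, the subnet 192.168.1.0/24 and the log prefix are assumptions. It also rate-limits a LOG rule so that dropped connection attempts show up in the kernel log, which covers the monitoring part of the original question.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for dom0's own INPUT chain.
# Usage (as root), parse-check first, then load:
#   dom0_ruleset 192.168.1.0/24 | iptables-restore --test
#   dom0_ruleset 192.168.1.0/24 | iptables-restore

dom0_ruleset() {
    mgmt_net=$1   # management subnet in a.b.c.d/len form (assumed IPv4)
    # Shape check only: reject empty input, stray characters and a
    # missing prefix length, so a typo cannot end up inside a rule.
    case $mgmt_net in
        *[!0-9./]*|*/*/*|'') echo "bad CIDR: $mgmt_net" >&2; return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) ;;
        *) echo "bad CIDR: $mgmt_net" >&2; return 1 ;;
    esac
    # FORWARD stays ACCEPT: with bridged guest networking, domU traffic
    # is not governed by INPUT, and the domUs get their own per-service
    # rules as described in the thread.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $mgmt_net -j ACCEPT
-A INPUT -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "dom0-drop: "
COMMIT
EOF
}
```

Everything not accepted falls through to the DROP policy; the limit on the LOG rule keeps a flood from filling the log while still recording that it happened.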