Party
Josh Paetzel
josh at tcbug.org
Thu Sep 28 06:39:18 PDT 2006
On Thursday 28 September 2006 02:26, soralx at cydem.org wrote:
> > garbage, in my inbox. It seems after every ssh-bruteforce wave,
> > there's a spike in spam distribution. So the problem just keeps
> > showing up. To me, it seems like there's hordes of vandals
> > running about torching the town, and generally causing havoc. I
> > guess I just
>
> What can be done to keep the logs neat (i.e., free from the
> ssh-bruteforce garbage) is this: for a given number of login
> failures (e.g., 8), add an ipfw rule that blocks all traffic from
> the offending IP#. Of course, this has got to be automatized
> (script?). I used to add the rules manually, as an experiment, and
> I found that attacks from one IP# do repeat, though very seldom
> (the period may be as long as a few months). The rule list will
> grow without bounds :( I figure, this reduces the amount of
> received spam slightly too.
> Yes, not a novel idea (to phrase it softly); yet, I actually tested
> it, found that there's net gain from doing that (as small as it may
> be), and no noticeable bad consequences.
>
> [SorAlx] ridin' VN1500-B2

Between AllowUsers and disabling password authentication via ssh it
sort of amuses me to see people try to get in on the few machines
that I have to allow global ssh access to. Perhaps I have a sick
sense of humor. I have also noticed that the IPs are different every
day, although I once had over 1000 attempts a day for 2 weeks
straight from the same IP. I sure wish I could've sent that one a
smug taunting email. There are tons of scripts that can add IPs to
firewalls after x number of attempts floating around, I could probably
dodge a lot of it by running ssh on an alternate port, but then I'd
have to find something besides reading the logs to amuse myself with.

Spam on the other hand is a more vexing problem. Sure, I apply the
usual band-aids, SA, RBLs, configuring Postfix to not play nicely
with non RFC compliant clients but for all that I'm treating symptoms
instead of the disease.

The only viable solution to the problem of spam that I can see (and
I'm positive that it would never happen) is an international agency
tasked to track down and punish the people responsible for spam.
They'd have to have the power to go after these people no matter what
country they were hiding in, the resources to make a dent in the
problem, and the cooperation of a significant percentage of mail
admins on the net.

Perhaps a slightly more likely scenario would be to make it a crime to
run an open relay? I'd also like to see ISPs take measures to
protect the net from trojaned windows machines on high-speed DSL and
cable connections....perhaps allowing access only to their
mailservers?

Anyways, enough pipe dreams, I have to get back to reading my logs.

--
Thanks,
Josh Paetzel
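
The blocking scheme described in the quoted message (8 login failures, then an ipfw block), sketched as an added example that is not part of the original thread or either poster's script. The table number, the 30-day expiry that keeps the list bounded, the allow list and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

THRESHOLD = 8                 # failures before blocking (the figure used in the thread)
TABLE = 1                     # assumed ipfw table number
EXPIRE = timedelta(days=30)   # assumed retention; keeps the list from growing forever

# The user name is client-supplied text, so the address is read from the
# fixed tail of the line rather than from the first "from" that appears.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .+ from (\S+) port \d+ ssh2\s*$")

# Constructed sample in OpenSSH's log style; addresses are documentation ranges.
SAMPLE = [
    f"Sep 28 02:1{i}:05 gw sshd[41{i}]: Failed password for invalid user "
    f"admin from 203.0.113.5 port 4012{i} ssh2" for i in range(8)
] + [
    "Sep 28 02:20:11 gw sshd[500]: Failed password for root from 198.51.100.7 port 2200 ssh2",
    "Sep 28 02:21:40 gw sshd[501]: Accepted publickey for alice from 192.0.2.10 port 5000 ssh2",
]

def count_failures(lines):
    """Return a Counter mapping source address -> failed password attempts."""
    hits = Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            hits[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            pass  # tail did not hold a valid address; ignore the line
    return hits

def plan(lines, blocked, now, allow=frozenset()):
    """Return ipfw commands. `blocked` maps address -> datetime it was added."""
    hits = count_failures(lines)
    # Expire old entries unless the address is over the threshold again.
    cmds = [f"ipfw table {TABLE} delete {ip}" for ip, added in sorted(blocked.items())
            if now - added > EXPIRE and hits[ip] < THRESHOLD]
    for ip, n in sorted(hits.items()):
        if n >= THRESHOLD and ip not in blocked and ip not in allow:
            cmds.append(f"ipfw table {TABLE} add {ip}")
    return cmds

if __name__ == "__main__":
    # Prints the commands instead of running them; the table is assumed to be
    # referenced once by a rule such as: ipfw add deny ip from "table(1)" to any
    state = {"198.51.100.99": datetime(2006, 8, 1)}
    print("\n".join(plan(SAMPLE, state, datetime(2006, 9, 28))))
```

Using one table with a single deny rule, instead of one rule per address, keeps the ruleset itself constant in size while the table entries come and go.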