>Dan Ryson wrote:
>> All,
>>
>> It appears we're getting pounded by a kiddy script that's trying to
>> guess passwords. It's generating ~1,350 password guesses and log
>> entries per minute (see example below). Although I have strong
>> passwords, I'd like to block this effort by blocking this IP address.
>>
>> What's the preferred way to block a dictionary attack in AstLinux? I'm
>> presently using astlinux-0.6.4 on an x386 - with an external, hardware
>> firewall. I'd prefer to not use IP Tables because I suspect any entries
>> would be deleted whenever I upgrade versions.
>>
>> ~ Dan
>>
>> Registration from '"317" <sip:3...@72.93.15.14>' failed for
>>'85.214.69.155' - Wrong password
>>
>
>Actually, they wouldn't.
>
>Look at using /etc/arno-iptables-firewall/blocked-hosts
>
>85.214.69.155/32
>
>is all you need in there.
>
>-Philip

A problem in AstLinux is that, before you can add an attacker to the
blocklist (when you see the attacks in real time), the "/var/" partition
will be full within 2-3 minutes just because of the growing syslog :-(.
And from that point in time you do not have any logs at all.

Is there a way that the rotated log can automatically be zipped?

Michael

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
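
An added example, not part of the thread and not AstLinux code: a shell function that counts "Wrong password" registration failures per source address, in the shape of the log line Dan quoted, and prints `ip/32` entries in the form Philip gives for /etc/arno-iptables-firewall/blocked-hosts. The function names, the threshold argument, the `#` comment handling and the sample log lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. sample_log prints constructed lines in
# the shape of the "failed for '<ip>' - Wrong password" entry quoted above.
sample_log() {
    for ip in 203.0.113.5 203.0.113.5 198.51.100.7 203.0.113.5 \
              203.0.113.9 203.0.113.9 203.0.113.9; do
        printf "[Jan 10 03:14:01] NOTICE[2201] chan_sip.c: Registration from '\"317\" <sip:317@192.0.2.10>' failed for '%s' - Wrong password\n" "$ip"
    done
    echo "[Jan 10 03:14:02] NOTICE[2201] chan_sip.c: Peer '317' is now Reachable. (12ms / 2000ms)"
}

# suggest_blocks MIN [BLOCKED_FILE]   (hypothetical helper)
# Reads log lines on stdin; prints "ip/32" for every source with at least MIN
# failed registrations that is not already listed in BLOCKED_FILE.
suggest_blocks() {
    awk -v min="$1" -v blocked="${2:-/dev/null}" -v q="'" '
    BEGIN {
        tail = q " - Wrong password"
        # Assumption: one entry per line, "#" starts a comment.
        while ((getline line < blocked) > 0) {
            sub(/#.*/, "", line); gsub(/[ \t]/, "", line)
            if (line != "") seen[line] = 1
        }
    }
    {
        # The From header is chosen by the sender, so trust only the address
        # at the very end of the line, which Asterisk writes itself.
        cut = length($0) - length(tail)
        if (cut < 1 || substr($0, cut + 1) != tail) next
        n = split(substr($0, 1, cut), part, q)
        if (n < 2 || part[n - 1] != " failed for ") next
        if (part[n] ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) count[part[n]]++
    }
    END {
        for (ip in count) {
            key = ip "/32"
            if (count[ip] >= min && !(key in seen)) print key
        }
    }' | sort
}
```

Feed it the Asterisk log on stdin with a threshold well above what a mistyped phone password produces, and review the output before appending it to blocked-hosts.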