Michael Keuter wrote:
>> Dan Ryson wrote:
>>> All,
>>>
>>> It appears we're getting pounded by a kiddy script that's trying to
>>> guess passwords. It's generating ~1,350 password guesses and log
>>> entries per minute (see example below). Although I have strong
>>> passwords, I'd like to block this effort by blocking this IP address.
>>>
>>> What's the preferred way to block a dictionary attack in AstLinux? I'm
>>> presently using astlinux-0.6.4 on an x386 - with an external, hardware
>>> firewall. I'd prefer to not use IP Tables because I suspect any entries
>>> would be deleted whenever I upgrade versions.
>>>
>>> ~ Dan
>>>
>>> Registration from '"317" <sip:3...@72.93.15.14>' failed for
>>> '85.214.69.155' - Wrong password
>>>
>> Actually, they wouldn't.
>>
>> Look at using /etc/arno-iptables-firewall/blocked-hosts
>>
>> 85.214.69.155/32
>>
>> is all you need in there.
>>
>> -Philip
>
> A problem in Astlinux is that before you can add an attacker to the
> blocklist (when you see the attacks in realtime), the "/var/"
> partition will be full within 2-3 minutes just because of the growing
> syslog :-(. And from that point in time you do not have any logs at
> all. Is there a way that the rotated log can automatically be zipped?

You can set Arno's firewall not to log blocked attacks. That is an option.

--
Darrick Hartman
DJH Solutions, LLC
http://www.djhsolutions.com

_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
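
The blocked-hosts approach from this thread, as an added example that is not part of the original messages or of AstLinux: a shell function that reads Asterisk messages in the form quoted above and prints each repeat source as an `IP/32` entry. The function names, the threshold argument and the sample log lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not AstLinux code). Function names and the threshold
# argument are hypothetical.

# Usage: failed_reg_hosts MIN < asterisk-log
# Prints "IP/32" for every source with at least MIN failed registrations.
failed_reg_hosts() {
    awk -v min="$1" -v q="'" '
        BEGIN {
            ipv4 = "[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"
            # Anchored at end of line: the From text earlier in the line is
            # chosen by the sender and must not be read as the source address.
            re = "failed for " q ipv4 q " - Wrong password$"
        }
        match($0, re) {
            split(substr($0, RSTART, RLENGTH), f, q)
            count[f[2]]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print ip "/32"
        }
    ' | sort
}

# Constructed sample input; addresses are from documentation ranges.
sample_log() {
    cat <<'EOF'
Registration from '"317" <sip:317@192.0.2.10>' failed for '198.51.100.23' - Wrong password
Registration from '"318" <sip:318@192.0.2.10>' failed for '198.51.100.23' - Wrong password
Registration from '"319" <sip:319@192.0.2.10>' failed for '198.51.100.23' - Wrong password
Registration from '"200" <sip:200@192.0.2.10>' failed for '203.0.113.5' - Wrong password
Registration from '"x' failed for '203.0.113.9' - Wrong password" <sip:x@192.0.2.10>' failed for '198.51.100.23' - Wrong password
EOF
}

sample_log | failed_reg_hosts 3
```

After review, the printed lines can be appended to /etc/arno-iptables-firewall/blocked-hosts, the file named in Philip's reply.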