> From [email protected] Wed May 30 13:48:05 2012
> Date: Wed, 30 May 2012 13:47:34 -0500
> To: Robert Bonomi <[email protected]>
> From: Jorge Biquez <[email protected]>
> Subject: Re: Firewall, blocking POP3
> Cc: [email protected]
>
> Hello.
>
> Thanks a lot! Simple and elegant solution.
>
> I just did that and of course it worked.... I just was wondering...
> what if I need to have the service working BUT want to block those
> break attempts? In this and other services?
> My guess is that it is a never ending process? I mean, block one,
> block another, another, etc?

If one knows the address-blocks that legitimate customers will be using,
one can block off access from 'everywhere else'.

> What are the people who have big servers running for hosting services
> doing? Or you just have a policy of strong passwords, server
> up-to-date and let the attempts try forever?

There are tools like 'fail2ban' that can be used to lock out persistent
doorknob-rattlers.

Also, one can do things like allow mail access (POP, IMAP, 'whatever')
only via a port that is 'tunneled' through an SSH/SSL connection. This
eliminates almost all doorknob rattling on the mail access ports, but gets
lots of attempts on the SSH port. Which is generally not a problem, since
the SSH keyspace is vastly larger, and more evenly distributed, than that
for plaintext passwords.

To eliminate virtually all the 'noise' from SSH doorknob-rattling, run it
on a non-standard port. This does =not= increase the actual security of
the system, but it does greatly reduce the 'noise' in the logs -- so any
actual attack attempt is much more obvious.
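
The lockout logic that tools like fail2ban apply, combined with the known-address-block idea from the reply, as an added example that is not part of the original message and is not fail2ban's own code. The log format, the function name `find_offenders`, the thresholds and all addresses are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in a simplified, made-up format (not a real daemon's output).
SAMPLE_LOG = """\
2012-05-30T13:00:00 pop3 auth-fail user=info rip=198.51.100.23
2012-05-30T13:00:01 pop3 auth-fail user=admin rip=203.0.113.7
2012-05-30T13:00:05 pop3 auth-fail user=root rip=203.0.113.7
2012-05-30T13:00:09 pop3 auth-fail user=test rip=203.0.113.7
2012-05-30T13:00:12 pop3 auth-fail user=guest rip=203.0.113.7
2012-05-30T13:05:00 pop3 auth-fail user=alice rip=192.0.2.10
2012-05-30T13:05:10 pop3 auth-fail user=alice rip=192.0.2.10
2012-05-30T13:05:20 pop3 auth-fail user=alice rip=192.0.2.10
2012-05-30T13:06:00 pop3 login-ok user=alice rip=192.0.2.10
2012-05-30T13:20:00 pop3 auth-fail user=info rip=198.51.100.23
2012-05-30T13:40:00 pop3 auth-fail user=info rip=198.51.100.23
"""

LINE_RE = re.compile(r"^(\S+) pop3 auth-fail user=\S+ rip=(\S+)$")


def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10),
                   trusted=("192.0.2.0/24",)):
    """Return {ip: time of ban} for sources with max_retry failures inside find_time.

    Addresses inside the trusted (known customer) blocks are never banned.
    """
    trusted_nets = [ipaddress.ip_network(n) for n in trusted]
    recent = defaultdict(deque)   # ip -> timestamps of failures still in the window
    banned = {}                   # ip -> timestamp of the failure that triggered the ban
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # successful logins and unrelated lines are ignored
        when = datetime.fromisoformat(m.group(1))
        ip = ipaddress.ip_address(m.group(2))
        if ip in banned or any(ip in net for net in trusted_nets):
            continue
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry:
            banned[ip] = when
    return {str(ip): t.isoformat() for ip, t in banned.items()}
```

With the defaults, the slow source at 198.51.100.23 stays under the threshold; tightening `max_retry` or widening `find_time` catches it at the cost of more lockouts for mistyped passwords.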
