Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Michelle Konzack
On 2007-09-28 07:06:14, Sam Varshavchik wrote: There is no rate metering of this kind possible, but what exactly is the negative impact from this? This is an average of three and a half probes per second, which, if you weren't looking at the logs, you would've never noticed. In

Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Jeff Jansen
Michelle Konzack wrote: In theory... -- but they hit me periodically with over 200 per second. You're seeing 200 hits a second! From the same IP addresses or different ones all the time? Since no single IP address should be hitting your server

Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Sam Varshavchik
Michelle Konzack writes: Since around one week I have very heavy Dictionary attacks (over 30 per day from more than 7000 different IPs) on my courier-mta which serves for 17.000 users in the French gov. On the exim-user list they used the following to stop it. But how can I do this with

Re: [courier-users] Proposed extension: SKIPMAILFILTER [patch]

2007-09-28 Thread Alessandro Vesely
Sam Varshavchik wrote: Gordon Messmer writes: Sam, you've mentioned before that refactoring the code to run filters after rewriting the message would be difficult, but wouldn't you just need to move the run_filter block of code later in SubmitFile::MessageEnd? That would give filters

Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Jeff Jansen
Michelle Konzack wrote: Today morning I was hit at ~08:00 CET around 17 minutes from 86 different IPs and each IP had 30-80 hits per second. Now imagine the server supports 17000 users and they switch on their computers between 08:00 and 09:00... iptables does unfortunately not work for

[courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Michelle Konzack
Since around one week I have very heavy Dictionary attacks (over 30 per day from more than 7000 different IPs) on my courier-mta which serves for 17.000 users in the French gov. On the exim-user list they used the following to stop it. But how can I do this with courier-mta? I like to

Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Michelle Konzack
On 2007-09-28 22:10:01, Jeff Jansen wrote: Michelle Konzack wrote: In theory... -- but they hit me periodically with over 200 per second. You're seeing 200 hits a second! From the same IP addresses or different ones all the time? Today

Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread João Vale
For the paranoid (like myself), there's always fail2ban ( http://www.fail2ban.org/ ). It worked perfectly for me in stopping bruteforce attacks on my ssh port. Basically it monitors a log and bans (with iptables, for example) IPs for a period of time after a certain number of authentication

Re: [courier-users] Same problem with courier-mta as with exim

2007-09-28 Thread Gordon Messmer
Michelle Konzack wrote: Today morning I was hit at ~08:00 CET around 17 minutes from 86 different IPs and each IP had 30-80 hits per second. Which make in summary over 4.100.000 hits. My logfiles explode!!! 8 GByte in less than 17 minutes. Log entries for each hit were 20K? The

Re: [courier-users] Same problem with courier-mta as with exim [FW by [EMAIL PROTECTED] : Re: Dictionary spamming ?]

2007-09-28 Thread Tim Lyth
I'd follow Jeff's advice - rate limiting via IP tables, but I'd add -i external interface to each of those lines. I am assuming that your email server has multiple network connections and the attacks are coming from the external interface, not the internal one. That way, you don't have ANY