subject:"\[WISPA\] Brute Force Attacks"

Re: [WISPA] Brute Force Attacks

2010-10-25 Thread Robert West

Using it but as suggested, changed the timeout to 7 days.

 

 

 

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Josh Luthman
Sent: Monday, October 25, 2010 12:25 AM
To: WISPA General List
Subject: Re: [WISPA] Brute Force Attacks

 

I suggest using the SSH blacklist script from Butch.  I use it myself and it
works perfectly.  If you are already, increase the duration to 7d.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373



On Mon, Oct 25, 2010 at 12:23 AM, Robert West 
wrote:

Ssh.  I blocked ssh from the get-go so they haven't a chance anyhow.

 

 

 

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Scott Piehn
Sent: Sunday, October 24, 2010 11:06 PM
To: WISPA General List


Subject: Re: [WISPA] Brute Force Attacks

 

What do you consider a brute force attack?

 

We tarpit traffic coming into our network on ssh, ftp, etc.  then put an
exception list for known server customers.  

 

I am always looking to identify and block extra stuff at our border

 

 



Scott Piehn
- Original Message - 

From: RickG <mailto:rgunder...@gmail.com>  

To: WISPA General List <mailto:wireless@wispa.org>  

Sent: Sunday, October 24, 2010 9:44 PM

Subject: Re: [WISPA] Brute Force Attacks

 

Not here. What ip range?

On Sun, Oct 24, 2010 at 10:20 PM, Robert West 
wrote:

Is it just me or is everyone having their gateway servers attacked by those
Chinese so-and so's?  (WISPA REGS)

 

My logs show attacks all weekend on all of my MT gateways.  Sad  

 

Never had that before.  Even the Routerboard I use at the house.
RELENTLESS!  

 

Just sharing  They get swatted off so it's all good but it's interesting
to watch their attack

 

Moving on.

 

Steve-

 

 

 

 

 






WISPA Wants You! Join today!
http://signup.wispa.org/



WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

 

  _  





WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/






WISPA Wants You! Join today!
http://signup.wispa.org/



WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

 




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-25 Thread Robert West

Create a user, aardvark,  password aardvark  Let them login with no rights!
Over in a second!

 

Tried it on the home MT Routerboard  They WIN!  Oh, heck...  no use.
They moved on.

 

Was all in fun!

 

 

 

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Robert West
Sent: Monday, October 25, 2010 12:27 AM
To: 'WISPA General List'
Subject: Re: [WISPA] Brute Force Attacks

 

Brute force attack.  Various user names, various passwords.  Dictionary
attack.  Seems to be happening all the time now. 

 

 

 

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Scott Piehn
Sent: Sunday, October 24, 2010 11:06 PM
To: WISPA General List
Subject: Re: [WISPA] Brute Force Attacks

 

What do you consider a brute force attack?

 

We tarpit traffic coming into our network on ssh, ftp, etc.  then put an
exception list for known server customers.  

 

I am always looking to identify and block extra stuff at our border

 

 



Scott Piehn
- Original Message - 

From: RickG <mailto:rgunder...@gmail.com>  

To: WISPA General List <mailto:wireless@wispa.org>  

Sent: Sunday, October 24, 2010 9:44 PM

Subject: Re: [WISPA] Brute Force Attacks

 

Not here. What ip range?

On Sun, Oct 24, 2010 at 10:20 PM, Robert West 
wrote:

Is it just me or is everyone having their gateway servers attacked by those
Chinese so-and so's?  (WISPA REGS)

 

My logs show attacks all weekend on all of my MT gateways.  Sad  

 

Never had that before.  Even the Routerboard I use at the house.
RELENTLESS!  

 

Just sharing  They get swatted off so it's all good but it's interesting
to watch their attack

 

Moving on.

 

Steve-

 

 

 

 

 






WISPA Wants You! Join today!
http://signup.wispa.org/



WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

 

  _  





WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-25 Thread Glenn Kelley

i hear ya there
There are a few alternatives -  depending on the relationship you have w/ your 
upstream
but I hear ya - 


On Oct 25, 2010, at 12:32 PM, Bret Clark wrote:

> Cogent is one of our providers and that would be an idea, but we have several 
> upstream providers that we peer with via BGP.  The usages isn't an issue for 
> as we have enough Internet bandwidth, but it is amazing the amount of illegal 
> traffic that comes into our network in terms of hackers, spammers, phishing, 
> etc. A problem for everyone I would suppose. 
> 
> Bret
> 
> On 10/25/2010 10:45 AM, Glenn Kelley rote:
>> 
>> Bret - 
>> 
>> If I poked @ your network right - you are using Cogento. 
>> They should be able to allow you to place something in their DC prior to it 
>> reaching your network.
>> (cost may be $100/mo or so) 
>> 
>> A simple transparent gateway/firewall would do wonders. 
>> 
>> 
>> On Oct 25, 2010, at 6:49 AM, Bret Clark wrote:
>> 
>>> If we got rid of the spammers and attackers we'd have more then enough IP 
>>> addresses and everyone would be able to get by on dial up! Seriously though 
>>> I estimate that 5% of my upstream bandwidth is used by people to spam and 
>>> attempt hack attacks on me. I use numerous apps to stop them such as 
>>> denyhost, but it only stops them at my door, they still use up my 
>>> bandwidth! 
>>> 
>>> Bret
>>> 
>>> On 10/25/2010 12:47 AM, Mike Hammett wrote:
 
 I'm brute force attacked every day all over hell.
 
 -
 Mike Hammett
 Intelligent Computing Solutions
 http://www.ics-il.com
 
   
 
 On 10/24/2010 9:20 PM, Robert West wrote:
> 
> Is it just me or is everyone having their gateway servers attacked by 
> those Chinese so-and so’s?  (WISPA REGS)
> 
>   
> My logs show attacks all weekend on all of my MT gateways.  Sad 
> 
>   
> Never had that before.  Even the Routerboard I use at the house.  
> RELENTLESS! 
> 
>   
> Just sharing  They get swatted off so it’s all good but it’s 
> interesting to watch their attack
> 
>   
> Moving on.
> 
>   
> Steve-
> 
>   
>   
>   
>   
>   
>   
> 
> 
> 
> WISPA Wants You! Join today!
> http://signup.wispa.org/
> 
>  
> WISPA Wireless List: wireless@wispa.org
> 
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
> 
> Archives: http://lists.wispa.org/pipermail/wireless/
   
 
 
 
 WISPA Wants You! Join today!
 http://signup.wispa.org/
 
  
 WISPA Wireless List: wireless@wispa.org
 
 Subscribe/Unsubscribe:
 http://lists.wispa.org/mailman/listinfo/wireless
 
 Archives: http://lists.wispa.org/pipermail/wireless/
>>> 
>>> 
>>> 
>>> 
>>> WISPA Wants You! Join today!
>>> http://signup.wispa.org/
>>> 
>>> 
>>> WISPA Wireless List: wireless@wispa.org
>>> 
>>> Subscribe/Unsubscribe:
>>> http://lists.wispa.org/mailman/listinfo/wireless
>>> 
>>> Archives: http://lists.wispa.org/pipermail/wireless/
>> 
>> _
>> Glenn Kelley | Principle | HostMedic |www.HostMedic.com 
>>   Email: gl...@hostmedic.com
>> Pplease don't print this e-mail unless you really need to.
>> 
>> 
>> 
>> 
>> 
>> WISPA Wants You! Join today!
>> http://signup.wispa.org/
>> 
>>  
>> WISPA Wireless List: wireless@wispa.org
>> 
>> Subscribe/Unsubscribe:
>> http://lists.wispa.org/mailman/listinfo/wireless
>> 
>> Archives: http://lists.wispa.org/pipermail/wireless/
> 
> 
> 
> 
> WISPA Wants You! Join today!
> http://signup.wispa.org/
> 
> 
> WISPA Wireless List: wireless@wispa.org
> 
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
> 
> Archives: http://lists.wispa.org/pipermail/wireless/

_
Glenn Kelley | Principle | HostMedic |www.HostMedic.com 
  Email: gl...@hostmedic.com
Pplease don't print this e-mail unless you really need to.

Re: [WISPA] Brute Force Attacks

2010-10-25 Thread Matt

> Is it just me or is everyone having their gateway servers attacked by those
> Chinese so-and so’s?  (WISPA REGS)
>
>
>
> My logs show attacks all weekend on all of my MT gateways.  Sad
>
>
>
> Never had that before.  Even the Routerboard I use at the house.
> RELENTLESS!

If you have a Mikrotik gateway router there are MANY ways to stop this.

http://www.google.com/search?q=bruteforce&sitesearch=http://wiki.mikrotik.com&ie=utf-8&oe=utf-8

Matt



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-25 Thread Marco Coelho

Do a traceroute on the IP, then write a complaint to the upstream providers
(ab...@xyx.com).

Works 80% of the time.

Marco



On Sun, Oct 24, 2010 at 11:26 PM, Robert West wrote:

> Brute force attack.  Various user names, various passwords.  Dictionary
> attack.  Seems to be happening all the time now.
>
>
>
>
>
>
>
> *From:* wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] *On
> Behalf Of *Scott Piehn
>
> *Sent:* Sunday, October 24, 2010 11:06 PM
> *To:* WISPA General List
> *Subject:* Re: [WISPA] Brute Force Attacks
>
>
>
> What do you consider a brute force attack?
>
>
>
> We tarpit traffic coming into our network on ssh, ftp, etc.  then put an
> exception list for known server customers.
>
>
>
> I am always looking to identify and block extra stuff at our border
>
>
>
>
>
>
> 
> Scott Piehn
> - Original Message -
>
> *From:* RickG 
>
> *To:* WISPA General List 
>
> *Sent:* Sunday, October 24, 2010 9:44 PM
>
> *Subject:* Re: [WISPA] Brute Force Attacks
>
>
>
> Not here. What ip range?
>
> On Sun, Oct 24, 2010 at 10:20 PM, Robert West 
> wrote:
>
> Is it just me or is everyone having their gateway servers attacked by those
> Chinese so-and so’s?  (WISPA REGS)
>
>
>
> My logs show attacks all weekend on all of my MT gateways.  Sad
>
>
>
> Never had that before.  Even the Routerboard I use at the house.
> RELENTLESS!
>
>
>
> Just sharing  They get swatted off so it’s all good but it’s
> interesting to watch their attack
>
>
>
> Moving on.
>
>
>
> Steve-
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> 
> WISPA Wants You! Join today!
> http://signup.wispa.org/
>
> 
>
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>
>
> --
>
>
>
>
> 
> WISPA Wants You! Join today!
> http://signup.wispa.org/
>
> 
>
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>
>
>
>
>
> 
> WISPA Wants You! Join today!
> http://signup.wispa.org/
>
> 
>
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>



-- 
Marco C. Coelho
Argon Technologies Inc.
POB 875
Greenville, TX 75403-0875
903-455-5036



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-25 Thread Bret Clark

Cogent is one of our providers and that would be an idea, but we have 
several upstream providers that we peer with via BGP.  The usages isn't 
an issue for as we have enough Internet bandwidth, but it is amazing the 
amount of illegal traffic that comes into our network in terms of 
hackers, spammers, phishing, etc. A problem for everyone I would suppose.


Bret

On 10/25/2010 10:45 AM, Glenn Kelley rote:

Bret -

If I poked @ your network right - you are using Cogento.
They should be able to allow you to place something in their DC prior 
to it reaching your network.

(cost may be $100/mo or so)

A simple transparent gateway/firewall would do wonders.


On Oct 25, 2010, at 6:49 AM, Bret Clark wrote:

If we got rid of the spammers and attackers we'd have more then 
enough IP addresses and everyone would be able to get by on dial up! 
Seriously though I estimate that 5% of my upstream bandwidth is used 
by people to spam and attempt hack attacks on me. I use numerous apps 
to stop them such as denyhost, but it only stops them at my door, 
they still use up my bandwidth!


Bret

On 10/25/2010 12:47 AM, Mike Hammett wrote:

I'm brute force attacked every day all over hell.

-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com  

   


On 10/24/2010 9:20 PM, Robert West wrote:


Is it just me or is everyone having their gateway servers attacked 
by those Chinese so-and so’s?  (WISPA REGS)



My logs show attacks all weekend on all of my MT gateways.  
Sad



Never had that before.  Even the Routerboard I use at the house.  
RELENTLESS!



Just sharing  They get swatted off so it’s all good but it’s 
interesting to watch their attack



Moving on.


Steve-










WISPA Wants You! Join today!
http://signup.wispa.org/


WISPA Wireless List:wireless@wispa.org  

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives:http://lists.wispa.org/pipermail/wireless/





WISPA Wants You! Join today!
http://signup.wispa.org/


WISPA Wireless List:wireless@wispa.org  

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives:http://lists.wispa.org/pipermail/wireless/





WISPA Wants You! Join today!
http://signup.wispa.org/


WISPA Wireless List: wireless@wispa.org 

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/


_
*Glenn Kelley | Principle | HostMedic |www.HostMedic.com *
Email: gl...@hostmedic.com 
Pplease don't print this e-mail unless you really need to.





WISPA Wants You! Join today!
http://signup.wispa.org/


WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/





WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-25 Thread Glenn Kelley

Bret - 

If I poked @ your network right - you are using Cogento. 
They should be able to allow you to place something in their DC prior to it 
reaching your network.
(cost may be $100/mo or so) 

A simple transparent gateway/firewall would do wonders. 


On Oct 25, 2010, at 6:49 AM, Bret Clark wrote:

> If we got rid of the spammers and attackers we'd have more then enough IP 
> addresses and everyone would be able to get by on dial up! Seriously though I 
> estimate that 5% of my upstream bandwidth is used by people to spam and 
> attempt hack attacks on me. I use numerous apps to stop them such as 
> denyhost, but it only stops them at my door, they still use up my bandwidth! 
> 
> Bret
> 
> On 10/25/2010 12:47 AM, Mike Hammett wrote:
>> 
>> I'm brute force attacked every day all over hell.
>> 
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> http://www.ics-il.com
>> 
>>   
>> 
>> On 10/24/2010 9:20 PM, Robert West wrote:
>>> 
>>> Is it just me or is everyone having their gateway servers attacked by those 
>>> Chinese so-and so’s?  (WISPA REGS)
>>> 
>>>   
>>> My logs show attacks all weekend on all of my MT gateways.  Sad 
>>> 
>>>   
>>> Never had that before.  Even the Routerboard I use at the house.  
>>> RELENTLESS! 
>>> 
>>>   
>>> Just sharing  They get swatted off so it’s all good but it’s 
>>> interesting to watch their attack
>>> 
>>>   
>>> Moving on.
>>> 
>>>   
>>> Steve-
>>> 
>>>   
>>>   
>>>   
>>>   
>>>   
>>>   
>>> 
>>> 
>>> 
>>> WISPA Wants You! Join today!
>>> http://signup.wispa.org/
>>> 
>>>  
>>> WISPA Wireless List: wireless@wispa.org
>>> 
>>> Subscribe/Unsubscribe:
>>> http://lists.wispa.org/mailman/listinfo/wireless
>>> 
>>> Archives: http://lists.wispa.org/pipermail/wireless/
>> 
>> 
>> 
>> 
>> WISPA Wants You! Join today!
>> http://signup.wispa.org/
>> 
>>  
>> WISPA Wireless List: wireless@wispa.org
>> 
>> Subscribe/Unsubscribe:
>> http://lists.wispa.org/mailman/listinfo/wireless
>> 
>> Archives: http://lists.wispa.org/pipermail/wireless/
> 
> 
> 
> 
> WISPA Wants You! Join today!
> http://signup.wispa.org/
> 
> 
> WISPA Wireless List: wireless@wispa.org
> 
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
> 
> Archives: http://lists.wispa.org/pipermail/wireless/

_
Glenn Kelley | Principle | HostMedic |www.HostMedic.com 
  Email: gl...@hostmedic.com
Pplease don't print this e-mail unless you really need to.




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-25 Thread Optimum Wireless Services

I've been getting attacked as well but, it has decreased after I took
some mearsures. I changed the ssh server not to accept root login:
PermitRootLogin no

Also installed fail2ban and on top of that created a script that would
block ip addresses I find in the log:

BAD="/etc/badIp"
IPS=$(cat $BAD)

$iptables --delete-chain blockBadIp
$iptables -N blockBadIp
$iptables -F blockBadIp

# $iptables -A INPUT -p tcp --dport 22 -s

$iptables -A blockBadIp -j DROP

for i in $IPS
do
$iptables -A INPUT -p tcp -i $EXT_IFACE -s $i -j blockBadIp
$iptables -A INPUT -p udp -i $EXT_IFACE -s $i -j blockBadIp
done




On Mon, 2010-10-25 at 00:26 -0400, Robert West wrote:
> Brute force attack.  Various user names, various passwords.
> Dictionary attack.  Seems to be happening all the time now. 
> 
>  
> 
>  
> 
>  
> 
> From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org]
> On Behalf Of Scott Piehn
> Sent: Sunday, October 24, 2010 11:06 PM
> To: WISPA General List
> Subject: Re: [WISPA] Brute Force Attacks
> 
> 
>  
> 
> What do you consider a brute force attack?
> 
> 
>  
> 
> 
> We tarpit traffic coming into our network on ssh, ftp, etc.  then put
> an exception list for known server customers.  
> 
> 
>  
> 
> 
> I am always looking to identify and block extra stuff at our border
> 
> 
>  
> 
> 
>  
> 
> 
> 
> 
> Scott Piehn
> - Original Message - 
> 
> 
> From: RickG 
> 
>     
>     To: WISPA General List 
> 
> 
> Sent: Sunday, October 24, 2010 9:44 PM
> 
> 
> Subject: Re: [WISPA] Brute Force Attacks
> 
> 
>  
> 
> 
> Not here. What ip range?
> 
> On Sun, Oct 24, 2010 at 10:20 PM, Robert West
>  wrote:
> 
> Is it just me or is everyone having their gateway servers
> attacked by those Chinese so-and so’s?  (WISPA REGS)
> 
>  
> 
> My logs show attacks all weekend on all of my MT gateways.
> Sad  
> 
>  
> 
> Never had that before.  Even the Routerboard I use at the
> house.  RELENTLESS!  
> 
>  
> 
> Just sharing  They get swatted off so it’s all good but
> it’s interesting to watch their attack
> 
>  
> 
> Moving on.
> 
>  
> 
> Steve-
> 
>  
> 
>  
> 
>  
> 
>  
> 
>  
> 
> 
> 
> 
> 
> 
> 
> WISPA Wants You! Join today!
> http://signup.wispa.org/
> 
> 
> 
> WISPA Wireless List: wireless@wispa.org
> 
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
> 
> Archives: http://lists.wispa.org/pipermail/wireless/
> 
> 
>  
> 
>
> __
> 
> 
> 
> 
> WISPA Wants You! Join today!
> http://signup.wispa.org/
> 
> 
>  
> WISPA Wireless List: wireless@wispa.org
> 
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
> 
> Archives: http://lists.wispa.org/pipermail/wireless/
> 
> 
> 
> WISPA Wants You! Join today!
> http://signup.wispa.org/
> 
>  
> WISPA Wireless List: wireless@wispa.org
> 
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
> 
> Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-25 Thread Bret Clark

If we got rid of the spammers and attackers we'd have more then enough 
IP addresses and everyone would be able to get by on dial up! Seriously 
though I estimate that 5% of my upstream bandwidth is used by people to 
spam and attempt hack attacks on me. I use numerous apps to stop them 
such as denyhost, but it only stops them at my door, they still use up 
my bandwidth!


Bret

On 10/25/2010 12:47 AM, Mike Hammett wrote:

I'm brute force attacked every day all over hell.

-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com

   


On 10/24/2010 9:20 PM, Robert West wrote:


Is it just me or is everyone having their gateway servers attacked by 
those Chinese so-and so's?  (WISPA REGS)


My logs show attacks all weekend on all of my MT 
gateways.  Sad


Never had that before.  Even the Routerboard I use at the house.  
RELENTLESS!


Just sharing  They get swatted off so it's all good but 
it's interesting to watch their attack


Moving on.

Steve-





WISPA Wants You! Join today!
http://signup.wispa.org/


WISPA Wireless List:wireless@wispa.org  

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives:http://lists.wispa.org/pipermail/wireless/






WISPA Wants You! Join today!
http://signup.wispa.org/


WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/





WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-24 Thread Mike Hammett


I'm brute force attacked every day all over hell.

-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



On 10/24/2010 9:20 PM, Robert West wrote:


Is it just me or is everyone having their gateway servers attacked by 
those Chinese so-and so's?  (WISPA REGS)


My logs show attacks all weekend on all of my MT 
gateways.  Sad


Never had that before.  Even the Routerboard I use at the house.  
RELENTLESS!


Just sharing  They get swatted off so it's all good but 
it's interesting to watch their attack


Moving on.

Steve-





WISPA Wants You! Join today!
http://signup.wispa.org/


WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-24 Thread Robert West

Brute force attack.  Various user names, various passwords.  Dictionary
attack.  Seems to be happening all the time now. 

 

 

 

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Scott Piehn
Sent: Sunday, October 24, 2010 11:06 PM
To: WISPA General List
Subject: Re: [WISPA] Brute Force Attacks

 

What do you consider a brute force attack?

 

We tarpit traffic coming into our network on ssh, ftp, etc.  then put an
exception list for known server customers.  

 

I am always looking to identify and block extra stuff at our border

 

 



Scott Piehn
- Original Message - 

From: RickG <mailto:rgunder...@gmail.com>  

To: WISPA General List <mailto:wireless@wispa.org>  

Sent: Sunday, October 24, 2010 9:44 PM

Subject: Re: [WISPA] Brute Force Attacks

 

Not here. What ip range?

On Sun, Oct 24, 2010 at 10:20 PM, Robert West 
wrote:

Is it just me or is everyone having their gateway servers attacked by those
Chinese so-and so's?  (WISPA REGS)

 

My logs show attacks all weekend on all of my MT gateways.  Sad  

 

Never had that before.  Even the Routerboard I use at the house.
RELENTLESS!  

 

Just sharing  They get swatted off so it's all good but it's interesting
to watch their attack

 

Moving on.

 

Steve-

 

 

 

 

 






WISPA Wants You! Join today!
http://signup.wispa.org/



WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

 

  _  





WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-24 Thread Josh Luthman

I suggest using the SSH blacklist script from Butch.  I use it myself and it
works perfectly.  If you are already, increase the duration to 7d.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373


On Mon, Oct 25, 2010 at 12:23 AM, Robert West wrote:

> Ssh.  I blocked ssh from the get-go so they haven’t a chance anyhow.
>
>
>
>
>
>
>
> *From:* wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] *On
> Behalf Of *Scott Piehn
> *Sent:* Sunday, October 24, 2010 11:06 PM
> *To:* WISPA General List
>
> *Subject:* Re: [WISPA] Brute Force Attacks
>
>
>
> What do you consider a brute force attack?
>
>
>
> We tarpit traffic coming into our network on ssh, ftp, etc.  then put an
> exception list for known server customers.
>
>
>
> I am always looking to identify and block extra stuff at our border
>
>
>
>
>
>
> 
> Scott Piehn
> - Original Message -
>
> *From:* RickG 
>
> *To:* WISPA General List 
>
> *Sent:* Sunday, October 24, 2010 9:44 PM
>
> *Subject:* Re: [WISPA] Brute Force Attacks
>
>
>
> Not here. What ip range?
>
> On Sun, Oct 24, 2010 at 10:20 PM, Robert West 
> wrote:
>
> Is it just me or is everyone having their gateway servers attacked by those
> Chinese so-and so’s?  (WISPA REGS)
>
>
>
> My logs show attacks all weekend on all of my MT gateways.  Sad
>
>
>
> Never had that before.  Even the Routerboard I use at the house.
> RELENTLESS!
>
>
>
> Just sharing  They get swatted off so it’s all good but it’s
> interesting to watch their attack
>
>
>
> Moving on.
>
>
>
> Steve-
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> 
> WISPA Wants You! Join today!
> http://signup.wispa.org/
>
> 
>
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>
>
> --
>
>
>
>
> 
> WISPA Wants You! Join today!
> http://signup.wispa.org/
>
> 
>
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>
>
>
>
>
> 
> WISPA Wants You! Join today!
> http://signup.wispa.org/
>
> 
>
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-24 Thread Robert West

Ssh.  I blocked ssh from the get-go so they haven't a chance anyhow.

 

 

 

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of Scott Piehn
Sent: Sunday, October 24, 2010 11:06 PM
To: WISPA General List
Subject: Re: [WISPA] Brute Force Attacks

 

What do you consider a brute force attack?

 

We tarpit traffic coming into our network on ssh, ftp, etc.  then put an
exception list for known server customers.  

 

I am always looking to identify and block extra stuff at our border

 

 



Scott Piehn
- Original Message - 

From: RickG <mailto:rgunder...@gmail.com>  

To: WISPA General List <mailto:wireless@wispa.org>  

Sent: Sunday, October 24, 2010 9:44 PM

Subject: Re: [WISPA] Brute Force Attacks

 

Not here. What ip range?

On Sun, Oct 24, 2010 at 10:20 PM, Robert West 
wrote:

Is it just me or is everyone having their gateway servers attacked by those
Chinese so-and so's?  (WISPA REGS)

 

My logs show attacks all weekend on all of my MT gateways.  Sad  

 

Never had that before.  Even the Routerboard I use at the house.
RELENTLESS!  

 

Just sharing  They get swatted off so it's all good but it's interesting
to watch their attack

 

Moving on.

 

Steve-

 

 

 

 

 






WISPA Wants You! Join today!
http://signup.wispa.org/



WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

 

  _  





WISPA Wants You! Join today!
http://signup.wispa.org/


 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-24 Thread Robert West

71.87.16.186

 

This SOB has been hitting me all over the place.  Firewall rules keep
knocking him out but it seems to be more and more now.  This one IP has hit
every one of my gateways this weekend...  Over and over.

 

 

From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On
Behalf Of RickG
Sent: Sunday, October 24, 2010 10:44 PM
To: WISPA General List
Subject: Re: [WISPA] Brute Force Attacks

 

Not here. What ip range?

On Sun, Oct 24, 2010 at 10:20 PM, Robert West 
wrote:

Is it just me or is everyone having their gateway servers attacked by those
Chinese so-and so's?  (WISPA REGS)

 

My logs show attacks all weekend on all of my MT gateways.  Sad  

 

Never had that before.  Even the Routerboard I use at the house.
RELENTLESS!  

 

Just sharing  They get swatted off so it's all good but it's interesting
to watch their attack

 

Moving on.

 

Steve-

 

 

 

 

 






WISPA Wants You! Join today!
http://signup.wispa.org/



WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

 




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-24 Thread Scott Piehn

What do you consider a brute force attack?

We tarpit traffic coming into our network on ssh, ftp, etc.  then put an 
exception list for known server customers.  

I am always looking to identify and block extra stuff at our border




Scott Piehn
- Original Message - 
  From: RickG 
  To: WISPA General List 
  Sent: Sunday, October 24, 2010 9:44 PM
  Subject: Re: [WISPA] Brute Force Attacks


  Not here. What ip range?


  On Sun, Oct 24, 2010 at 10:20 PM, Robert West  
wrote:

Is it just me or is everyone having their gateway servers attacked by those 
Chinese so-and so’s?  (WISPA REGS)



My logs show attacks all weekend on all of my MT gateways.  Sad  



Never had that before.  Even the Routerboard I use at the house.  
RELENTLESS!  



Just sharing  They get swatted off so it’s all good but it’s 
interesting to watch their attack



Moving on.



Steve-
















WISPA Wants You! Join today!
http://signup.wispa.org/



WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/





--




  

  WISPA Wants You! Join today!
  http://signup.wispa.org/
  

   
  WISPA Wireless List: wireless@wispa.org

  Subscribe/Unsubscribe:
  http://lists.wispa.org/mailman/listinfo/wireless

  Archives: http://lists.wispa.org/pipermail/wireless/


WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

2010-10-24 Thread RickG

Not here. What ip range?

On Sun, Oct 24, 2010 at 10:20 PM, Robert West wrote:

> Is it just me or is everyone having their gateway servers attacked by those
> Chinese so-and so’s?  (WISPA REGS)
>
>
>
> My logs show attacks all weekend on all of my MT gateways.  Sad
>
>
>
> Never had that before.  Even the Routerboard I use at the house.
> RELENTLESS!
>
>
>
> Just sharing  They get swatted off so it’s all good but it’s
> interesting to watch their attack
>
>
>
> Moving on.
>
>
>
> Steve-
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> 
> WISPA Wants You! Join today!
> http://signup.wispa.org/
>
> 
>
> WISPA Wireless List: wireless@wispa.org
>
> Subscribe/Unsubscribe:
> http://lists.wispa.org/mailman/listinfo/wireless
>
> Archives: http://lists.wispa.org/pipermail/wireless/
>



WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

[WISPA] Brute Force Attacks

2010-10-24 Thread Robert West

Is it just me or is everyone having their gateway servers attacked by those
Chinese so-and so's?  (WISPA REGS)

 

My logs show attacks all weekend on all of my MT gateways.  Sad  

 

Never had that before.  Even the Routerboard I use at the house.
RELENTLESS!  

 

Just sharing  They get swatted off so it's all good but it's interesting
to watch their attack

 

Moving on.

 

Steve-

 

 

 

 

 




WISPA Wants You! Join today!
http://signup.wispa.org/

 
WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

Re: [WISPA] Brute Force Attacks

[WISPA] Brute Force Attacks

17 matches

Site Navigation

Mail list logo

Footer information