Connection throttling POP3.
Robert Banz
banz at umbc.edu
Mon May 21 23:12:56 EDT 2007
On May 21, 2007, at 21:50, Daniel O'Connor wrote:
> On Tuesday 22 May 2007 05:10, Matthew Schumacher wrote:
>> I'm getting some spammer trying to guess usernames and passwords:
>
> I use the following to protect my SSH server (well not the SSH server
> per se, just me reading logfiles the next day)
>
> http://www.gsoft.com.au/~doconnor/brute-force-mitigation.html
>
> Needs PF though.
I take the approach of having a Perl script (yay! File::Tail) sit and
watch the logs on each server looking for signs of ssh (could easily
be used for other things like pop as well) brute force attacks. A
certain # of failed logins in a time window from a single IP will
cause that IP to get blocked by ipfilter for an appropriate period of
time, after which the block is removed. This stops most of your
brute-force guessers; after a few tries of having their packets end
up on the floor, they go away.
-rob
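
The approach described in the message above, as an added example: this is not part of the original post and is not the author's Perl script. It is written in Python; the log patterns, thresholds and sample lines are constructed assumptions, and the returned block/unblock actions stand in for the ipfilter rule changes.

```python
import re
from collections import defaultdict, deque

# Assumed log formats; adjust to what your daemons actually write.
FAIL_PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for .* from (\d+\.\d+\.\d+\.\d+) "),
    re.compile(r"pop3\[\d+\]: badlogin: \S+ \[(\d+\.\d+\.\d+\.\d+)\]"),
]

def failed_ip(line):
    """Return the source IP if the line records a failed login, else None."""
    for pat in FAIL_PATTERNS:
        m = pat.search(line)
        if m:
            return m.group(1)
    return None

class Throttle:
    def __init__(self, max_fails=3, window=60, block_for=600):
        self.max_fails, self.window, self.block_for = max_fails, window, block_for
        self.fails = defaultdict(deque)  # ip -> times of recent failures
        self.blocked = {}                # ip -> time the block expires

    def feed(self, now, line):
        """Process one log line seen at time `now`; return firewall actions."""
        # Lift blocks whose period has ended before looking at the new line.
        done = sorted(ip for ip, until in self.blocked.items() if until <= now)
        for ip in done:
            del self.blocked[ip]
        actions = [("unblock", ip) for ip in done]
        ip = failed_ip(line)
        if ip is None or ip in self.blocked:
            return actions
        q = self.fails[ip]
        q.append(now)
        while q[0] <= now - self.window:  # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_fails:
            self.blocked[ip] = now + self.block_for
            del self.fails[ip]
            actions.append(("block", ip))
        return actions

def run(events, **kw):
    t = Throttle(**kw)
    return [(now, act) for now, line in events for act in t.feed(now, line)]

SAMPLE = [  # constructed (seconds, log line) pairs
    (0, "mail sshd[411]: Failed password for root from 192.0.2.7 port 4021 ssh2"),
    (10, "mail pop3[502]: badlogin: host.example [192.0.2.7] plaintext bob SASL(-13)"),
    (15, "mail sshd[412]: Accepted password for alice from 198.51.100.3 port 5000 ssh2"),
    (20, "mail sshd[413]: Failed password for invalid user test from 192.0.2.7 port 4022 ssh2"),
    (700, "mail sshd[414]: Accepted password for alice from 198.51.100.3 port 5001 ssh2"),
]
```

In a live deployment `feed` would be called with the current time for each line read from the tailed log, and each returned action mapped to the firewall's add or remove rule command.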