
List:       opensuse
Subject:    Re: [opensuse] dictionary attacks
From:       John Andersen <jsa () pen ! homeip ! net>
Date:       2007-07-30 18:53:49
Message-ID: 200707301053.50678.jsa () pen ! homeip ! net

On Sunday 29 July 2007, Patrick Shanahan wrote:
> * Richard Creighton <ricreig@gmail.com> [07-29-07 15:46]:
> > I don't think he wants to block off the public, just someone he has
> > detected abusing.
>
> exactly and I am presently using fail2ban to block:
>
>   [postfix-tcpwrapper]
>
>   enabled  = true
>   filter   = postfix
>   action   = hostsdeny[file=/etc/hosts.deny]
>              mail[name=Postfix, dest=postmaster@localhost]
>   logpath  = /var/log/mail
>   bantime  = 300
>
> which places 554 rejection ip into /etc/hosts.deny, but the firewall
> action denying rogue ssh attempts is cleaner, requires less resources
> and sees the ip sooner.
>
> is this correct:
> FW_SERVICES_ACCEPT_EXT="0/0,tcp,25,,hitcount=3,blockseconds=120

A better way to do this is with Postfix Anvil. It's already designed into 
postfix, so why re-invent the wheel?  It does it in the proper way.



-- 
_____________________________________
John Andersen
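
Added example, not part of the original message: a main.cf fragment showing the per-client limits that Postfix's anvil(8) service tracks and smtpd enforces. The numeric values are illustrative assumptions to tune per site, not settings taken from the thread.

```ini
# /etc/postfix/main.cf (added example; all numeric values are assumptions)

# Length of the window over which anvil(8) counts per-client events.
anvil_rate_time_unit = 60s

# Maximum simultaneous connections one client address may hold open.
smtpd_client_connection_count_limit = 10

# Maximum new connections, messages and recipients accepted from one
# client per time unit. The default of 0 for these means "no limit".
smtpd_client_connection_rate_limit = 30
smtpd_client_message_rate_limit = 30
smtpd_client_recipient_rate_limit = 100

# Clients exempt from the limits above; the default is $mynetworks.
smtpd_client_event_limit_exceptions = $mynetworks

# How often anvil(8) logs its peak per-client statistics.
anvil_status_update_time = 600s
```

Run `postfix reload` to apply the change promptly, and check the active values with `postconf -n`. When a client exceeds a limit, smtpd logs a warning that names the client address, and anvil's periodic "statistics:" lines in the mail log show the peak rates observed.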
