Re: [exim] sudo - iptables trick

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMMarc Perkel at <-
.MVincent Danen at ->
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] sudo - iptables trick
Tom Kistner wrote:

> Marc Perkel wrote:
>
>
>>Basicly my idea is that when a dictionary tack occurs I want to block
>>the IP address for a short period of time as a load reduction trick with
>>the chain being cleared every few minutes.
>
>
> I've been doing this for a few months with very good results. Not to
> reduce the load, but unclutter the logs :)
>
> Everyone submitting spam or being matched against an RBL is put on the
> blacklist for five minutes. This does wonders for the log size and
> readability.
>
> I do this via a script I called "timeban". It's universal so it can be
> used for other blocking purposes as well. Handles management of a
> blocking chain. Can also manage counters per-IP so you can block IPs
> after multiple infractions ... useful for SSH dictionary "attacks" too.
>
> Maybe I'll write some short docs next week and put it in the wiki.
>
> /tom
>
>
>

Tom,

Might that tool also be adaptable to putting bogus/forged HELO
strings into an ephemeral "timeban'ed" list?

We see a number of attacks wherein the IP's change (Zombie
farm?) but either the addressees or the HELO is the same.

Thanks,

Bill



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] sudo - iptables trickRe: [exim] Tools for SQL export to CDB->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)