Re: [exim] DOS attack. What to do?

Pàgina inicial
Delete this message
Reply to this message
Autor: Rob Munsch
Data:  
A: W B Hacker
CC: exim users
Assumpte: Re: [exim] DOS attack. What to do?
W B Hacker wrote:

>Primary target is our oldest *.net domain, and a chunk of dictionary-attack
>non-existent users with the NetSol-WHOIS published domain contact address
>included makes up the pattern.
>
>

I'm using DenyHosts for this particular angle; had it set very, very
forgiving and denying only ssh, but expanded gradually towards "piss of
one tripwire and all the rest preemptively ignore you" sort of system.
Have any thoughts on it?

Due to the shared-central thresholding (an interesting
community-consensus feature that seems to make it poison resistant), and
its 100% accuracy so far*, i was thinking of having exim use it as a
local blacklist, but... not sure how good an idea that is.

* first 2 weeks i had the thing up, i manually looked up every IP it
didn't like. I wound up with a hit for the usual suspects on all of
'em, so much so that i have begun to memorize netblocks, quite against
my will. My brain hurts.

Thoughts? Experiences? Strong contraindications, misgivings,
superstitions or recommended rituals?

--
Rob Munsch
Solutions For Progress IT
www.solutionsforprogress.com