Re: [exim] DOS attack. What to do?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MRob Munsch at <-
MRob Munsch at ->
Delete this message
Reply to this message
Author: W B Hacker
Date:  
To: exim users
Subject: Re: [exim] DOS attack. What to do?
Rob Munsch wrote:
> W B Hacker wrote:
>
>> Primary target is our oldest *.net domain, and a chunk of
>> dictionary-attack non-existent users with the NetSol-WHOIS published
>> domain contact address included makes up the pattern.
>>
>>
> I'm using DenyHosts for this particular angle; had it set very, very
> forgiving and denying only ssh, but expanded gradually towards "piss of
> one tripwire and all the rest preemptively ignore you" sort of system.
> Have any thoughts on it?
>
> Due to the shared-central thresholding (an interesting
> community-consensus feature that seems to make it poison resistant), and
> its 100% accuracy so far*, i was thinking of having exim use it as a
> local blacklist, but... not sure how good an idea that is.
>
> * first 2 weeks i had the thing up, i manually looked up every IP it
> didn't like. I wound up with a hit for the usual suspects on all of
> 'em, so much so that i have begun to memorize netblocks, quite against
> my will. My brain hurts.
>
> Thoughts? Experiences? Strong contraindications, misgivings,
> superstitions or recommended rituals?
>

Concept looks like something we do more or less manually on data from (only) our
own servers. Should be valid.

Personally, however, seeing either 'Linux' or 'script' puts me off, and both in
the same sentance, adjacent, is the kiss of death...

YMMV

Bill



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Need a little perl adviceRe: [exim] System Filter Syntax Help->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)