On 12/30/2011 09:02 PM, Alex Milojkovic wrote:
> Scenario of botnet with 1000 PCs making attempts to crack are password ain't gonna happen.
>

On one system that I run, for a fairly popular domain, I see botnet attacks trying to break in to the pop and ftp ports as well as botnet spam and SASL auth attacks on the smtp port. My ssh port is not open to the outside world. The attacks come and go in waves, but if I don't use various limiting tools, they will try sometimes to make as many as 50 simultaneous connections to my server. I saw this the worst with spam on the smtp port. fail2ban is not so effective on botnet attacks. Newer versions of postfix include postscreen, a front end which blocks botnet attacks (but only for smtp connections). I plan to install it.

I have found that most of the attacks are coming from China, South Korea, Japan, Russia, various South American countries. I would like to start blocking access to certain services from some countries. I've been considering using ipdeny.com data. Does ipset work with the existing kernel under CentOS 5 and if so is there an RPM available? I've googled around a bit, but haven't found anything. From http://ipset.netfilter.org/ I'm led to believe that the current kernel should support it.

Nataraj

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
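
An added example, not part of the original post: one way to turn a downloaded per-country CIDR list into input for `ipset restore` while treating the file as untrusted. It assumes the list holds one IPv4 CIDR per line and that the installed ipset accepts the `create ... hash:net` / `add` restore syntax of ipset 6 and later; the set name `geoblock`, the `MIN_PREFIX` limit and the sample data are constructed for illustration.

```python
import ipaddress

# Constructed sample of a per-country zone file: one IPv4 CIDR per line.
# Documentation ranges only; the last three entries are deliberately bad.
SAMPLE_ZONE = """\
# constructed sample, not real allocation data
192.0.2.0/24
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
203.0.113.64/26
203.0.113.7/24
0.0.0.0/0
192.0.2.1/32; flush
"""

MIN_PREFIX = 8  # assumption: refuse any block wider than a /8


def parse_zone(text, min_prefix=MIN_PREFIX):
    """Return (networks, rejected) from untrusted zone-file text."""
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # strict=True rejects entries with host bits set (203.0.113.7/24)
            # and anything that is not a bare CIDR, such as trailing commands.
            net = ipaddress.IPv4Network(line, strict=True)
        except ValueError:
            rejected.append((lineno, line))
            continue
        if net.prefixlen < min_prefix:
            # A corrupted or tampered list must not block the whole Internet.
            rejected.append((lineno, line))
            continue
        nets.append(net)
    # Merge adjacent and overlapping blocks so the set stays small.
    return list(ipaddress.collapse_addresses(nets)), rejected


def ipset_restore(set_name, nets):
    """Render text for `ipset restore` (ipset 6+ syntax, assumed)."""
    if not set_name.isalnum():
        raise ValueError("set name must be alphanumeric")
    lines = ["create %s hash:net family inet" % set_name]
    lines += ["add %s %s" % (set_name, n) for n in nets]
    return "\n".join(lines) + "\n"
```

Rejected lines are returned with their line numbers so a cron job can log them instead of loading a partially bad list silently.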