Bruce Dubbs bruce.dubbs at gmail.com
Wed Nov 11 18:41:53 CST 2009

Tweeks wrote:
> On Thursday 05 November 2009 11:37:41 pm Bruce Dubbs wrote:
> [static IP blocking]
>> I haven't put them back yet, but send me directly the IP addresses you
>> want to ensure don't get blocked and I'll make that happen.
> Why are you using static IP blocking man?  It's the 21st century.. there are 
> better ways.. ;)
>> The problem is that I really don't like many thousands of attempts to
>> guess a password via ssh and many thousands more trying to use the mail
>> server as an open relay, which it isn't.  Most of the attempts are from
>> Asia or Europe.
> Sounds like you should install swatch and tarpit.
> 	http://www.gagme.com/greg/linux/protect-ssh.php

If someone tries x logins on my server where x is a reasonably large 
number, why should I ever let them have any access at all to the server?

Some hackers have access to a large number of servers, but they are 
usually on the same IP block.  The swatch solution doesn't really 
address that.  Of course my method it doesn't block those that have 
large networks of zombies spread throughout the world, but my analysis 
of logs have shown a large number of hack attempts from Eastern Europe, 
Russia, China, Korea, and Taiwan.  Personally, I don't think those 
addresses need access to SATLUG in any capacity.

I suppose I could allow global access to ports 80 and 25 and block all 
others except for selected addresses.

   -- Bruce

More information about the SATLUG mailing list