[SATLUG] SATLUG Outage
bruce.dubbs at gmail.com
Wed Nov 11 18:41:53 CST 2009
> On Thursday 05 November 2009 11:37:41 pm Bruce Dubbs wrote:
> [static IP blocking]
>> I haven't put them back yet, but send me directly the IP addresses you
>> want to ensure don't get blocked and I'll make that happen.
> Why are you using static IP blocking man? It's the 21st century.. there are
> better ways.. ;)
>> The problem is that I really don't like many thousands of attempts to
>> guess a password via ssh and many thousands more trying to use the mail
>> server as an open relay, which it isn't. Most of the attempts are from
>> Asia or Europe.
> Sounds like you should install swatch and tarpit.
If someone tries x logins on my server where x is a reasonably large
number, why should I ever let them have any access at all to the server?
Some hackers have access to a large number of servers, but they are
usually on the same IP block. The swatch solution doesn't really
address that. Of course my method it doesn't block those that have
large networks of zombies spread throughout the world, but my analysis
of logs have shown a large number of hack attempts from Eastern Europe,
Russia, China, Korea, and Taiwan. Personally, I don't think those
addresses need access to SATLUG in any capacity.
I suppose I could allow global access to ports 80 and 25 and block all
others except for selected addresses.
More information about the SATLUG