Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: High Number Of Connection Attempts

0 views
Skip to first unread message

Nikolaos Milas

unread,
Feb 4, 2012, 1:29:16 PM2/4/12
to
On 4/2/2012 7:58 μμ, Nick Bright wrote:

>
> The only thing I have found is ConfigServer firewall:
>
> http://configserver.com/cp/csf.html
>
> It is a dynamic firewall containing a "login failure daemon" that
> monitors for failed logins on various services, and blocks offending
> IP's based on your defined thresholds.
>

And, if you are on linux, the good old Fail2ban... (if you are not using
IPv6, or if you don't need badly to avert offensives over IPv6).

I am always hoping they will sometime support IPv6.

Check: http://www.fail2ban.org

Nick

Simon Brereton

unread,
Feb 4, 2012, 1:45:24 PM2/4/12
to


On Feb 4, 2012 1:03 PM, "Pete" <pe...@nrth.org> wrote:
>
> On 04/02/2012 17:58, Nick Bright wrote:
>>
>> On 2/4/2012 11:47 AM, Pete wrote:
>>>
>>> Hello,
>>>
>>> Can someone confirm that the log excerpt below is most likely a bot of
>>> some kind attempting to authenticate to my Postfix server please ?
>>>
>>
>> That looks like a brute force attempt, or at least a bot looking for
>> weak passwords. I see the same things in my logs, too.


>>
>> The only thing I have found is ConfigServer firewall:
>>
>> http://configserver.com/cp/csf.html
>
>

> [..]
>
> Thanks Nick, I'll take a look.

I use fail2ban to limit brute auth attempts like that.  You can set it up so that 3 fails in a minute is a 20 ban.  I'd rather have people call the help desk than a weak password get cracked..

Simon

>

0 new messages