[aklug] Re: Increase in ssh attempts

From: Shane Spencer <shane@bogomip.com>
Date: Tue Aug 03 2010 - 19:40:28 AKDT

On Sun, Jul 25, 2010 at 2:34 PM, Marc Grober <marc@interak.com> wrote:
> Has anyone else noticed an increase in probes by exploiters, especially efforts
> to access systems via ssh over last few weeks?
>

I've noticed as well. I run fail2ban and denyhosts in several
locations and at my corporate locations I use port limiting which
takes good care of the problem. No more than 11 hits in 60 seconds
seems to work well for my IPs. Otherwise deny all access all around.

Not too worried about running on an off port. It's not a horrible
idea, limiting takes care of most of the problems that crop up.

Now.. SIP Register Bot Attacks.. there's the fun stuff. UDP that just
won't stop and is completely unblockable save for calling the ISP
responsible for the attacker's connection and asking them politely to
violate their rights in whatever country they are set up in.

The only real defense for that is to let the bot think it won by
redirecting it to a honeypot running a mock SIP server that says
"Yay.. you cracked the code.. good for you".. suddenly 3mbps drops off
the load.

- Shane
Received on Tue Aug 3 19:40:36 2010
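
Added example, not part of the message above and not code from fail2ban or denyhosts: a per-source sliding-window check using the "no more than 11 hits in 60 seconds" threshold quoted in the post. It assumes a "hit" is an sshd "Failed password" log line (port limiting at a firewall would count connections instead); the log lines, host name and addresses are constructed, and the year is passed in because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_HITS = 11        # threshold quoted in the post
WINDOW_SECONDS = 60  # window quoted in the post

# Assumed log shape: classic syslog-format sshd failure lines.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_offenders(lines, max_hits=MAX_HITS, window=WINDOW_SECONDS, year=2010):
    """Return {source_ip: time the source first exceeded max_hits in window}."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    offenders = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and unrelated lines are ignored
        stamp, ip = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        hits = recent[ip]
        hits.append(ts)
        # Drop hits that are a full window (or more) older than the newest one.
        while (ts - hits[0]).total_seconds() >= window:
            hits.popleft()
        if len(hits) > max_hits and ip not in offenders:
            offenders[ip] = ts
    return offenders

def sample_lines():
    """Constructed log: (source, failure count, seconds between failures)."""
    base = datetime(2010, 8, 3, 19, 0, 0)
    plan = [("203.0.113.7", 12, 5),    # 12 in 55 s: over the limit
            ("198.51.100.9", 11, 5),   # exactly 11: still allowed
            ("192.0.2.44", 12, 10)]    # slow source: never more than 6 per window
    out = []
    for ip, count, step in plan:
        for i in range(count):
            stamp = (base + timedelta(seconds=i * step)).strftime("%b %d %H:%M:%S")
            out.append(f"{stamp} gw sshd[4242]: Failed password for root "
                       f"from {ip} port 50000 ssh2")
    out.append("Aug 03 19:02:00 gw sshd[4242]: Accepted publickey for admin "
               "from 192.0.2.10 port 50001 ssh2")
    return out

if __name__ == "__main__":
    for ip, when in find_offenders(sample_lines()).items():
        print(f"{ip} exceeded {MAX_HITS} hits in {WINDOW_SECONDS}s at {when}")
```

The slow source in the sample stays under the limit despite making as many attempts as the blocked one, which is the gap a pure rate limit leaves for low-and-slow guessing.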