Password scanning, countermeasures

By Jason Fesler on September 1, 2007 12:00 PM | | Comments (0)
Due to the amount of ssh account scanning (mostly from netblocks that appear to be from China, hundreds of attempts at night), as well as hearing that a local ISP is having his mail server similiarly probed, I'm adding some countermeasures.

If you have too many login attempts on (ssh, mail, webmail, whatever) the system will start blocking you on those ports for 15-20 minutes.  The blocks will be removed automatically.  When things are blocked, the only useful port you'll find working is the regular web port - if you can reach http://gigo.com then the network is fine, just try logging in a bit later.

-jason

Categories

Announcements

Tags

Leave a comment


About this Entry

This page contains a single entry by Jason Fesler published on September 1, 2007 12:00 PM.

FreeBSD kernel crashes, what to do was the previous entry in this blog.

Which libc is that? is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Powered by Movable Type 4.0