I've been running debian @ home and @ work, for years, had no indication
of attacks. Over the last few days, my iptables firewall seemed simply
to stop. I checked my auth log file to find many, many attempts to break
in. My firewall was very simple. I have since added rules to drop
packets from offending IP addresses. So, I have a couple of very basic
questions:
1. Are there repositories of offending IP addresses to block? Can/should
one contribute to these?
2. The attacks never use the same user name more than once. Is there a
way to block access, even temporarily, from an IP address after a set
number of attempts, even if the attempts use different user names?
3. Are there other obvious things I should be doing?
Art Edwards
--
Arthur H. Edwards
Senior Research Physicist
Air Force Research Laboratory
AFRL/VSSE
Bldg. 914
3550 Aberdeen Ave. SE
KAFB, NM 87117-5776
(505) 853-6042 (O)
(505) 463-6722 (C)
(505) 846-2290 (F)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
