On 28.08.2015 at 20:03, Forrest wrote:
> I've become used to the script kiddies sending out large connection
> requests (I do have a threshold set). They are able to get around it by
> other connections. For example, I had 857 connects of this:
>
> Aug 28 11:57:35 mail postfix/smtpd[20544]: connect from
> unknown[5.232.194.77]
> Aug 28 11:57:35 mail postfix/smtpd[20544]: warning: Connection rate
> limit exceeded: 56 from unknown[5.232.194.77] for service smtp
> Aug 28 11:57:35 mail postfix/smtpd[20544]: disconnect from
> unknown[5.232.194.77] ehlo=1 auth=0/1 unknown=0/2 commands=1/4
>
> While it may be time for an external tool like fail2ban, I'm wondering
> if there are other measures I can take, that may break things (but I'm
> the only one that uses this system), such as changing port numbers of
> certain services.
>
> I do block the IP spaces when I see this, which is a no-brainer. But I
> wonder how others are mitigating this activity. Pointers, advice
> welcomed (and thanks in advance).
>
>
> _F
>
If you're the only user, postscreen and fail2ban should be fine.

Best Regards
Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Management Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
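
Added example, not part of the original thread: a small Python log scan in the spirit of the fail2ban suggestion above, counting Postfix "Connection rate limit exceeded" warnings per client address and per network so that sources spread across one address block still show up. The sample log is constructed from the format quoted in the post; the function name, the threshold, and the /24 and /64 grouping are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Matches the smtpd warning format quoted in the post above.
RATE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: warning: Connection rate limit exceeded: "
    r"(?P<rate>\d+) from (?P<host>\S+)\[(?P<ip>[0-9a-fA-F:.]+)\] "
    r"for service (?P<svc>\S+)"
)

def rate_limit_offenders(lines, min_hits=3):
    """Return (per_ip, per_net) dicts of warning counts >= min_hits.

    Hypothetical helper: networks are grouped as /24 (IPv4) or /64 (IPv6).
    """
    per_ip, per_net = Counter(), Counter()
    for line in lines:
        m = RATE_RE.search(line)
        if not m:
            continue  # connect/disconnect and unrelated lines
        try:
            ip = ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address in the log line
        prefix = 24 if ip.version == 4 else 64
        per_ip[str(ip)] += 1
        per_net[str(ip_network(f"{ip}/{prefix}", strict=False))] += 1

    def keep(counter):
        return {k: v for k, v in counter.items() if v >= min_hits}

    return keep(per_ip), keep(per_net)

# Constructed sample log (format taken from the post; 192.0.2.x and
# 198.51.100.x are documentation addresses, not real offenders).
W = "warning: Connection rate limit exceeded:"
SAMPLE = [
    "Aug 28 11:57:35 mail postfix/smtpd[20544]: connect from unknown[5.232.194.77]",
    f"Aug 28 11:57:35 mail postfix/smtpd[20544]: {W} 56 from unknown[5.232.194.77] for service smtp",
    f"Aug 28 11:57:36 mail postfix/smtpd[20545]: {W} 57 from unknown[5.232.194.77] for service smtp",
    f"Aug 28 11:57:37 mail postfix/smtpd[20546]: {W} 58 from unknown[5.232.194.77] for service smtp",
    f"Aug 28 11:58:01 mail postfix/smtpd[20547]: {W} 51 from unknown[192.0.2.10] for service smtp",
    f"Aug 28 11:58:02 mail postfix/smtpd[20548]: {W} 52 from unknown[192.0.2.10] for service smtp",
    f"Aug 28 11:58:03 mail postfix/smtpd[20549]: {W} 51 from unknown[192.0.2.20] for service smtp",
    f"Aug 28 11:59:10 mail postfix/smtpd[20550]: {W} 51 from unknown[198.51.100.5] for service smtp",
]

if __name__ == "__main__":
    ips, nets = rate_limit_offenders(SAMPLE)
    print("addresses:", ips)
    print("networks: ", nets)
```

In the sample, 192.0.2.10 and 192.0.2.20 each stay under the per-address threshold, but their shared /24 reaches it, which is the case where blocking by address alone misses the source.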