Re: ddos mail attack thwarted by spamd greylisting!

2006-06-18 Thread laurent FANIS
Greetings I think one way to avoid all that is by using network tap, and bonding two network cards. To be honest i haven't tried it on a openBSD (bonding two network cards) but i suppose it should work.If anyone has tried snort with passive tap and openBSD i would appreciate if they share their e

Re: ddos mail attack thwarted by spamd greylisting!

2006-06-18 Thread Joachim Schipper
On Fri, Jun 16, 2006 at 09:44:32AM -0600, Bob Beck wrote: > * Joachim Schipper <[EMAIL PROTECTED]> [2006-06-15 18:03]: > > On Tue, Jun 13, 2006 at 01:07:46AM -0600, Bob Beck wrote: > > > > Luckily, spamd greylisting saved the day. If it wasn't for BASE/snort > > > > reporting of the portscan, I w

Re: ddos mail attack thwarted by spamd greylisting!

2006-06-16 Thread Bob Beck
* Joachim Schipper <[EMAIL PROTECTED]> [2006-06-15 18:03]: > On Tue, Jun 13, 2006 at 01:07:46AM -0600, Bob Beck wrote: > > > Luckily, spamd greylisting saved the day. If it wasn't for BASE/snort > > > reporting of the portscan, I wouldn't have even bothered looking in my > > > logs > > > tonite,

Re: ddos mail attack thwarted by spamd greylisting!

2006-06-15 Thread Joachim Schipper
On Tue, Jun 13, 2006 at 01:07:46AM -0600, Bob Beck wrote: > > Luckily, spamd greylisting saved the day. If it wasn't for BASE/snort > > reporting of the portscan, I wouldn't have even bothered looking in my logs > > tonite, and probably would never have been aware of the thwarted attempt. > > >

Re: ddos mail attack thwarted by spamd greylisting!

2006-06-15 Thread Joachim Schipper
On Thu, Jun 15, 2006 at 10:02:49AM +0700, riwanlky wrote: > Hi Guys, > > I am going to install IDS for my firewall. According to this message > snort have problem, is there any alternative IDS? Is there any IPS? I've heard good things about Bro-IDS . It's not in ports, tho

Re: ddos mail attack thwarted by spamd greylisting!

2006-06-14 Thread riwanlky
Hi Guys, I am going to install IDS for my firewall. According to this message snort have problem, is there any alternative IDS? Is there any IPS? Thanks, Riwan At 01:07 AM 6/13/2006 -0600, Bob Beck wrote: > Luckily, spamd greylisting saved the day. If it wasn't for BASE/snort > reporting of t

Re: ddos mail attack thwarted by spamd greylisting!

2006-06-13 Thread Bob Beck
> Luckily, spamd greylisting saved the day. If it wasn't for BASE/snort > reporting of the portscan, I wouldn't have even bothered looking in my logs > tonite, and probably would never have been aware of the thwarted attempt. > Good thing they're only portscanning and mailbombing you th

ddos mail attack thwarted by spamd greylisting!

2006-06-12 Thread Josh Grosse
Wow. Mailbomb attack attempts from 3 different spam bots, from 3 different cable systems in the US, all at the same time, with the same random fake hotmail accounts, after a portscan from one of the 3 bots. Luckily, spamd greylisting saved the day. If it wasn't for BASE/snort reporting of the p