Re: deflecting attacks

2009-08-24 Thread lst_hoe02
Zitat von AMP Admin : Does anyone use iptables or something to defend against attacks? Like if x amount of requests per x amount of time send away. If so I would love some examples. Thanks! We use the following : $IPTABLES -N SMTP-BLOCK $IPTABLES -A SMTP-BLOCK -m limit --limit 1/m --limit

Re: deflecting attacks

2009-08-22 Thread Luigi Rosa
Roderick A. Anderson said the following on 23/08/2009 1.04: I use fail2ban with ipf on Solaris 10. When a host produces to many 5xx errors or sends to much spam it is banned in the firewall. failregex = reject: RCPT from (.*)\[\]: 5\d\d ban time 1h failregex = Passed SPAM, \[\] ban time 10m

Re: deflecting attacks

2009-08-22 Thread Roderick A. Anderson
Jorey Bump wrote: Martijn de Munnik wrote, at 08/22/2009 02:06 PM: I use fail2ban with ipf on Solaris 10. When a host produces to many 5xx errors or sends to much spam it is banned in the firewall. failregex = reject: RCPT from (.*)\[\]: 5\d\d ban time 1h failregex = Passed SPAM, \[\] ban tim

Re: deflecting attacks

2009-08-22 Thread Terry Carmen
> AMP Admin wrote: >> Does anyone use iptables or something to defend against attacks? Like >> if x amount of requests per x amount of time send away. If so I would >> love some examples. Thanks! > > Probably based on Glenn English's work (in another email) I found this > during a brute force s

Re: deflecting attacks

2009-08-22 Thread Jorey Bump
Martijn de Munnik wrote, at 08/22/2009 02:06 PM: > I use fail2ban with ipf on Solaris 10. When a host produces to many 5xx > errors or sends to much spam it is banned in the firewall. > > failregex = reject: RCPT from (.*)\[\]: 5\d\d > ban time 1h > > failregex = Passed SPAM, \[\] > ban time 10m

Re: deflecting attacks

2009-08-22 Thread Roderick A. Anderson
AMP Admin wrote: Does anyone use iptables or something to defend against attacks? Like if x amount of requests per x amount of time send away. If so I would love some examples. Thanks! Probably based on Glenn English's work (in another email) I found this during a brute force search with G

Re: deflecting attacks

2009-08-22 Thread Martijn de Munnik
On Aug 22, 2009, at 8:16 PM, AMP Admin wrote: Ø Does anyone use iptables or something to defend against attacks? Like if x amount of requests per x amount of time send away. If so I would love some examples. Thanks! Thanks for the tips guys. How does that do with search engine bots

Re: deflecting attacks

2009-08-22 Thread ghe
On Aug 22, 2009, at 11:53 AM, AMP Admin wrote: Does anyone use iptables or something to defend against attacks? Like if x amount of requests per x amount of time send away. If so I would love some examples. Thanks! There's also a cool feature in iptables called "recent". It allows you

RE: deflecting attacks

2009-08-22 Thread AMP Admin
Ø Does anyone use iptables or something to defend against attacks? Like if x amount of requests per x amount of time send away. If so I would love some examples. Thanks! Thanks for the tips guys. How does that do with search engine bots? It doesn’t block them, right?

Re: deflecting attacks

2009-08-22 Thread Martijn de Munnik
On Aug 22, 2009, at 7:53 PM, AMP Admin wrote: Does anyone use iptables or something to defend against attacks? Like if x amount of requests per x amount of time send away. If so I would love some examples. Thanks! Hi, I use fail2ban with ipf on Solaris 10. When a host produces to many

RE: deflecting attacks

2009-08-22 Thread Dudi Goldenberg
>Does anyone use iptables or something to defend against attacks?  Like if x >>amount of requests per x amount of time send away.  If so I would love some >>examples.  Thanks! Have a look at fail2ban, http://www.fail2ban.org/wiki/index.php/Main_Page Regards, D.