--- Frank Wiles wrote:
> On Sat, 30 Apr 2005 21:52:02 -0700 (PDT)
> Jack <quiet_celt(a)yahoo.com> wrote:
>
> > ... I'm looking for
> > a solution to reduce the attacks. The box is a "busy
> > box", that is running several services. It runs the
> > ...
>
> The best way to lock out these attackers is to simply use
> iptables to block their IPs from accessing your system. It
> doesn't prevent a DoS on your available bandwidth, but it keeps
> them from bugging your system. I'm not sure why this hasn't
> been suggested before.
I have about half of the addresses blocked, but what is
the impact of adding 150 IP addresses to iptables with
potentially hundreds more over time? At what point
will iptables eat up all my bandwidth in blocking
addresses?
Thanks everyone for the suggestions.
Brian D.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
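Added example, not part of the thread: iptables checks the rules in a chain one after another, so a common way to keep a growing blocklist cheap is to hold the addresses in a single ipset (hash lookup) matched by one rule. The sketch below builds that set from failed sshd logins; ipset, the set name `ssh_block`, the threshold of 3 and the log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the usual sshd syslog format; not taken from the thread.
SAMPLE_LOG = """\
May  1 03:12:01 host sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 4021 ssh2
May  1 03:12:03 host sshd[2101]: Failed password for root from 192.0.2.10 port 4022 ssh2
May  1 03:12:05 host sshd[2104]: Failed password for root from 192.0.2.10 port 4023 ssh2
May  1 03:13:40 host sshd[2110]: Failed password for alice from 192.0.2.11 port 5100 ssh2
May  1 03:13:42 host sshd[2110]: Failed password for alice from 192.0.2.11 port 5101 ssh2
May  1 03:13:44 host sshd[2110]: Failed password for alice from 192.0.2.11 port 5102 ssh2
May  1 03:20:00 host sshd[2120]: Failed password for root from 198.51.100.7 port 6000 ssh2
May  1 03:20:02 host sshd[2120]: Failed password for root from 198.51.100.7 port 6001 ssh2
May  1 03:20:04 host sshd[2121]: Failed password for invalid user x from 203.0.113.5 port 1 from 198.51.100.7 port 6002 ssh2
May  1 03:25:10 host sshd[2130]: Accepted password for alice from 203.0.113.5 port 7000 ssh2
"""

# The user name is remote-supplied text, so take the address from the END of
# the line (greedy .* plus $), never from the first " from " in it.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def offenders(log_text, threshold=3):
    """IPv4 sources with at least `threshold` failed password attempts."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            hits[ipaddress.IPv4Address(m.group(1))] += 1
        except ValueError:
            continue  # host name or malformed field: never fed to the firewall
    return sorted(ip for ip, n in hits.items() if n >= threshold)


def ipset_restore(addresses, set_name="ssh_block"):
    """Text for `ipset restore`; adjacent addresses collapse into one CIDR."""
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(str(a)) for a in addresses)
    lines = [f"create {set_name} hash:net family inet"]
    lines += [f"add {set_name} {net}" for net in nets]
    return "\n".join(lines) + "\n"


# One rule then covers the whole set, however many entries it holds:
#   iptables -I INPUT -p tcp --dport 22 -m set --match-set ssh_block src -j DROP
if __name__ == "__main__":
    print(ipset_restore(offenders(SAMPLE_LOG)), end="")
```

The address that only appears in a successful login (and inside a user-name field) stays out of the set, which is the check to make before any log-derived list is loaded into a firewall.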
The meeting dates on the website are not
right... I'm looking forward to going to my
first meeting in over a year this Wednesday,
please correct me if I'm wrong.
-Jared
--- "D. Hageman" wrote:
> On Sat, 30 Apr 2005, Jack wrote:
> >
> > Taking the box offline would take down my mail server.
> > I use this yahoo account for kclug, but I get all my
> > regular mail through accounts on my mail server. I
> > didn't say the box has been compromised, I just want
> > advice on blocking these attacks as much as possible.
> > But I don't want to bring my box to a crawl to do it.
> >
>
> You should consider getting a secondary MX server. There will be times
> where you just can't avoid having the box be inaccessible. If you had a
> secondary MX this would be a non-issue.
>
I would like to add a secondary MX box. It's on my
wish list. However, I don't see how that would make it
a non-issue. If I take one box down, then the second
one would become the attack target. I'm looking for
a solution to reduce the attacks. The box is a "busy
box", that is running several services. It runs the
firewall, webserver, mail server and of course is also
hosting ssh access. The primary attack is focused on
the sshd. The system is running stable with one or two
services apt-pinned to testing and has the latest
patches. I've analysed the system remotely a little
and didn't see any indications of the system actually
getting cracked. I'm primarily looking for techniques
and suggestions on ways to further lock out these
crackers, without bogging down the box. Also on the
remote checking of the system, what are some favorite
tools for this?
Thanks,
Brian
Just a friendly reminder that the only KCLUG posting policy that everyone
agrees on is that all posts should have the quoted section of the message you
are replying to trimmed down to only that part which is relevant.
--- "Matthew T. Eskes" wrote:
> Jack wrote:
>
> >My internet server is being actively attacked.
> >I now have a list of 130 addresses attempting to
> >break into my server. Sometimes very aggressively.
> >I have many of these addresses blocked, but I am concerned
> >with performance degrading of my server if I block all
> >of these addresses and continue to add more on a
> >regular basis. Anyone have any suggestions? There's
> >really nothing on the server worth attacking, but it
> >is my mail server.
> >
> I would get that box offline *now*, backup all the
> info and reinstall.
>
Taking the box offline would take down my mail server.
I use this yahoo account for kclug, but I get all my
regular mail through accounts on my mail server. I
didn't say the box has been compromised, I just want
advice on blocking these attacks as much as possible.
But I don't want to bring my box to a crawl to do it.
Thanks,
Brian D.
--- Jack <quiet_celt(a)yahoo.com> wrote:
> My internet server is being actively attacked.
> I now have a list of 130 addresses attempting to
> break into my server. Sometimes very aggressively.
> ...
I forgot to mention, that somehow these attackers are
using two real accounts on the machine. Perhaps one or
more of the attackers was the previous attacker. Or
possibly, they got the user id from my mail server. I
had a configuration that I forgot to shut off that
would respond to requests for user mail accounts.
That's been turned off. I may consider deleting those
accounts and creating new ones.
Thanks,
Brian D.
My internet server is being actively attacked.
I now have a list of 130 addresses attempting to
break into my server. Sometimes very aggressively.
I have many of these addresses blocked, but I am concerned
with performance degrading of my server if I block all
of these addresses and continue to add more on a
regular basis. Anyone have any suggestions? There's
really nothing on the server worth attacking, but it
is my mail server.
Thanks,
Brian D.
--- "D. Hageman" <dhageman(a)dracken.com> wrote:
>
> You could easily use any of the following to achieve
> your goal:
>
> NFS
> Samba
> OpenAFS
>
> Each has its pros and cons.
That was kind of my point in asking.
Although I really hadn't given NFS serious thought.
Last I remember NFS was a rootkit waiting to happen.
I'm looking for something that is somewhat transparent,
easy to manage, doesn't need babysitting, has the *nix
approach to security. I'm not looking for a CVS. That
is another beast entirely. I'm looking for something
where, after checking out the code I can store it on a
machine dedicated to apache/<db of choice> so my
desktop system doesn't need them running, and modify
the code from my desktop and test the changes as I go.
Then when I'm happy with it check it back into CVS.
In the process my desktop never runs the code, never
saves the code (except in cache memory) and never runs
the CVS depository.
Thanks for the input people,
Brian D.
Couldn't you specifically deny all outside access to the box from the
big bad internet? I'd do that via iptables on your firewall. You are
using a Linux firewall, aren't you?
>-----Original Message-----
>From: kclug-bounces(a)kclug.org
>On Behalf Of Jack
>Sent: Friday, April 29, 2005 1:54 PM
>To: Kclug
>Subject: Re: local development server and mapping drives
>
>
>--- "D. Hageman" <dhageman(a)dracken.com> wrote:
>>
>> You could easily use any of the following to achieve
>> your goal:
>>
>> NFS
>> Samba
>> OpenAFS
>>
>> Each has its pros and cons.
>That was kind of my point in asking.
>Although I really hadn't given NFS serious thought.
>Last I remember NFS was a rootkit waiting to happen.
>
>I'm looking for something that is somewhat transparent,
>easy to manage, doesn't need babysitting, has the *nix
>approach to security. I'm not looking for a CVS. That
>is another beast entirely. I'm looking for something
>where, after checking out the code I can store it on a
>machine dedicated to apache/<db of choice> so my
>desktop system doesn't need them running, and modify
>the code from my desktop and test the changes as I go.
>Then when I'm happy with it check it back into CVS.
>In the process my desktop never runs the code, never
>saves the code (except in cache memory) and never runs
>the CVS depository.
>
>Thanks for the input people,
>Brian D.
>
>
>_______________________________________________
>Kclug mailing list
>Kclug(a)kclug.org
>http://kclug.org/mailman/listinfo/kclug
>
I'm looking to add a headless server, in some out of
the way location to make a webserver (intranet)/ db
server. I want to use it for development of websites
and database apps on, from my desktop. But, I want the
ease of use of being able to read and write files
without doing ftp, etc. I'd like to be able to point
Quanta/Konqueror at it and have it look like a local
filesystem. Is this a Samba project? Or is there
another way to accomplish this, while still protecting
the system from remote attacks should someone breach
the firewall, or having the server inadvertently
expose itself beyond the firewall?
Thanks,
Brian D.