On Sat, 30 Apr 2005 21:52:02 -0700 (PDT) Jack [email protected] wrote:
I would like to add a secondary MX box. It's on my wish list. However, I don't see how that would make it a non-issue. If I take one box down, then the second one would become the attack target. I'm looking for a solution to reduce the attacks. The box is a "busy box", that is running several services. It runs the firewall, webserver, mail server and of course is also hosting ssh access. The primary attack is focused on the sshd. The system is running stable with one or two services apt-pinned to testing and has the latest patches. I've analysed the system remotely a little and didn't see any indications of the system actually getting cracked. I'm primarily looking for techniques and suggestions on ways to further lock out these crackers, without bogging down the box. Also on the remote checking of the system, what are some favorite tools for this?
The best way to lock out these attackers is to simply use iptables to block their IPs from accessing your system. It doesn't prevent a DoS on your available bandwidth, but it keeps them from bugging your system. I'm not sure why this hasn't been suggested before.
---------------------------------
Frank Wiles [email protected]
http://www.wiles.org
---------------------------------
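
The blocking approach from the reply above, as an added example that is not part of the original thread or written by either poster: it counts failed sshd logins per source address and prints one iptables DROP rule for each address over a threshold. The log lines are constructed, and the threshold, allowlist address and function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: print iptables DROP rules for repeat sshd login failures.
THRESHOLD=3              # assumed cut-off: failures per address before blocking
ALLOW="198.51.100.20"    # assumed admin address(es), space separated, never blocked

# Constructed sample of sshd syslog lines (documentation address ranges).
sample_log() {
cat <<'EOF'
May  1 03:12:01 busybox sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
May  1 03:12:03 busybox sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
May  1 03:12:05 busybox sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40119 ssh2
May  1 03:12:09 busybox sshd[2110]: Failed password for jack from 198.51.100.20 port 51000 ssh2
May  1 03:12:15 busybox sshd[2112]: Accepted password for jack from 198.51.100.20 port 51002 ssh2
May  1 03:13:00 busybox sshd[2120]: Failed password for invalid user from 10.0.0.1 from 192.0.2.44 port 33000 ssh2
EOF
}

# Reads syslog on stdin, prints "<count> <ip>" per failing source.
# The user name is remote-supplied text, so the address is taken from the
# fixed tail of the line ("from <ip> port <n> ssh2"), not the first "from".
failed_sources() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            ip = $(NF-3)
            if ($(NF-4) == "from" && $(NF-2) == "port" &&
                ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                count[ip]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k2
}

# Reads syslog on stdin, prints (does not run) the rules for review.
block_rules() {
    failed_sources | while read -r n ip; do
        [ "$n" -ge "$THRESHOLD" ] || continue
        case " $ALLOW " in *" $ip "*) continue ;; esac
        echo "iptables -I INPUT -s $ip -j DROP"
    done
}

sample_log | block_rules   # prints: iptables -I INPUT -s 203.0.113.7 -j DROP
```

The rules are inserted with `-I` so they are evaluated before any existing ACCEPT rule for port 22; printing them first leaves room to check the list against known-good addresses before applying it as root.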