--- "D. Hageman" wrote:
On Sat, 30 Apr 2005, Jack wrote:
Taking the box offline would take down my mail server. I use this yahoo account for kclug, but I get all my regular mail through accounts on my mail server. I didn't say the box has been compromised, I just want advice on blocking these attacks as much as possible. But I don't want to bring my box to a crawl to do it.
You should consider getting a secondary MX server. There will be times where you just can't avoid having the box be inaccessible. If you had a secondary MX this would be a non-issue.
I would like to add a secondary MX box. It's on my wish list. However, I don't see how that would make it a non-issue. If I take one box down, then the second one would become the attack target. I'm looking for a solution to reduce the attacks.

The box is a "busy box", that is, running several services. It runs the firewall, webserver, mail server and of course is also hosting ssh access. The primary attack is focused on the sshd. The system is running stable with one or two services apt-pinned to testing and has the latest patches. I've analysed the system remotely a little and didn't see any indications of the system actually getting cracked.

I'm primarily looking for techniques and suggestions on ways to further lock out these crackers, without bogging down the box. Also on the remote checking of the system, what are some favorite tools for this?
Thanks, Brian