--- Frank Wiles wrote:
On Sun, 1 May 2005 20:27:02 -0700 (PDT) Jack [email protected] wrote:
I have about half of the addresses blocked, but what is the impact of adding 150 ip addresses to iptables with potentially hundreds more over time? At what point will iptables eat up all my bandwidth in blocking addresses?
Just to add to what Dave said...
I have a production server that is fairly low end hardware that currently has 2952 iptables rules that block individual IPs, several /24 networks, and a handful of /16s. There is no noticeable impact on the box.
Wow! That's great news! Ok, so the plan looks to be to add the IP addresses to iptables and change the port for sshd. Other ports are being probed and attacked, but not as frequently and not nearly as aggressively. I'll modify my blacklist gathering script to automatically add the new addresses to iptables and send me an email listing the new addresses.
Thanks everyone!
Brian
On Mon, 2 May 2005 07:14:16 -0700 (PDT) Jack [email protected] wrote:
Wow! That's great news! Ok, so the plan looks to be to add the IP addresses to iptables and change the port for sshd. Other ports are being probed and attacked, but not as frequently and not nearly as aggressively. I'll modify my blacklist gathering script to automatically add the new addresses to iptables and send me an email listing the new addresses.
I would block all ports from those addresses. If they are attacking you on one port they could very well be attacking you on others. I guess you have to ask yourself the question, "Is there any reason I would need/want E-mail from an IP that is actively attacking me or is otherwise compromised?" If you answer yes, then I think you might need your head examined. ;)
--------------------------------- Frank Wiles [email protected] http://www.wiles.org ---------------------------------
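The script Brian describes (gather addresses, add them to iptables, mail the new ones) combined with Frank's advice to drop every port, as an added example that is not code from this thread or from either poster. It assumes a blacklist file with one IPv4 address or CIDR per line (`#` comments allowed), a dedicated chain named BLACKLIST hooked at the top of INPUT, a plain-text state file recording what has already been applied, and a local `mail` command; the sample addresses are constructed from the TEST-NET ranges. Malformed lines are rejected before they can reach the iptables command line, duplicates are collapsed, and only entries not already applied are added.

```shell
#!/bin/sh
# Added example, not code from the thread. Turns a blacklist file (one IPv4
# address or CIDR per line, '#' comments allowed) into iptables rules that
# DROP everything from those sources on every port, applies only the
# entries not already blocked, and mails the new ones. The chain name
# BLACKLIST, the state-file format and the sample addresses are
# assumptions made for this example.

CHAIN=BLACKLIST

# valid_cidr ADDR: succeed only for a dotted-quad IPv4 address with an
# optional /0-32 prefix; nothing else may reach the iptables command line.
valid_cidr() {
    printf '%s\n' "$1" | awk -F/ '{
        if (NF > 2 || split($1, o, ".") != 4) exit 1
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) exit 1
        if (NF == 2 && ($2 !~ /^[0-9]+$/ || $2 + 0 > 32)) exit 1
        exit 0
    }'
}

# normalize_list: read a blacklist on stdin; strip comments and blanks,
# report and skip malformed lines, write bare hosts as /32, and emit a
# sorted, duplicate-free list.
normalize_list() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | while IFS= read -r a; do
        [ -n "$a" ] || continue
        if valid_cidr "$a"; then
            case $a in
                */*) printf '%s\n' "$a" ;;
                *)   printf '%s/32\n' "$a" ;;
            esac
        else
            printf 'blacklist: skipping malformed entry %s\n' "$a" >&2
        fi
    done | sort -u
}

# new_entries NEWFILE APPLIEDFILE: normalised entries of NEWFILE that are
# not already present in APPLIEDFILE (which may not exist yet).
new_entries() {
    {
        if [ -f "$2" ]; then normalize_list < "$2" | sed 's/^/old /'; fi
        normalize_list < "$1" | sed 's/^/new /'
    } | awk '$1 == "old" { seen[$2] = 1; next } !seen[$2] { print $2 }'
}

# rules_for: read normalised entries on stdin and print one iptables
# command each; no -p or --dport, so every port and protocol is dropped.
rules_for() {
    while IFS= read -r a; do
        printf 'iptables -A %s -s %s -j DROP\n' "$CHAIN" "$a"
    done
}

# chain_setup: create the chain once and hook it at position 1 of INPUT so
# it runs before any ACCEPT rule for sshd or other services.
chain_setup() {
    printf 'iptables -N %s 2>/dev/null || true\n' "$CHAIN"
    printf 'iptables -C INPUT -j %s 2>/dev/null || iptables -I INPUT 1 -j %s\n' "$CHAIN" "$CHAIN"
}

# update_blacklist NEWFILE APPLIEDFILE apply|dry-run: "dry-run" prints the
# commands; "apply" runs them as root, records the entries in APPLIEDFILE
# and mails the list of new addresses to root.
update_blacklist() {
    new=$(new_entries "$1" "$2")
    [ -n "$new" ] || return 0
    cmds=$( { chain_setup; printf '%s\n' "$new" | rules_for; } )
    case $3 in
        apply)
            printf '%s\n' "$cmds" | sh -e
            printf '%s\n' "$new" >> "$2"
            printf '%s\n' "$new" | mail -s "new blacklist entries on $(hostname)" root
            ;;
        *)  printf '%s\n' "$cmds" ;;
    esac
}

# Demo on constructed data (dry run): one entry already applied, one
# duplicate, one malformed line that must be skipped.
tmp=$(mktemp -d)
cat > "$tmp/blacklist.txt" <<'EOF'
# constructed sample, TEST-NET addresses
192.0.2.10
192.0.2.10          # duplicate
198.51.100.0/24
203.0.113.7/32
256.1.1.1           # malformed, skipped
EOF
printf '192.0.2.10/32\n' > "$tmp/applied.txt"
update_blacklist "$tmp/blacklist.txt" "$tmp/applied.txt" dry-run
rm -rf "$tmp"
```

Two practical notes. The state file exists so that a cron run never appends the same rule twice; on current iptables `iptables -S BLACKLIST` could replace it. And iptables evaluates a chain linearly, which is why Frank's 2952 rules cost nothing measurable but tens of thousands would start to; at that point an ipset `hash:net` set referenced from a single `-m set` rule keeps the lookup cost constant regardless of list size.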