
RE: [cobalt-security] consistently pounded



Theo,

Using tcp-wrappers is a bad idea, as I think someone pointed out earlier in
this thread.  Using .htaccess will work or you could just filter them at the
packet level using ipchains or ipfwadm, depending on your kernel.  Both come
with RedHat, but I don't know if Cobalt removed them.  At any rate, you can
easily download them off the web.  I'd be happy to help you out with the
filtering rules.

Marc Soda
ASPRE, Inc.
msoda@xxxxxxxxx
http://www.aspre.net/

e-Business that works
---------------------------------
The first exclusive e-Business Application Service Provider (ASP)

v. 215.957.2266 Ext. 130
f. 215.957.2277

110 Gibraltar Road, Suite 105
Horsham, PA 19044



-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Adam Crews
Sent: Tuesday, May 23, 2000 11:48 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-security] consistently pounded


On Tue, 23 May 2000, Brent Sims wrote:

  | Date: Tue, 23 May 2000 21:27:56 -0600 (MDT)
  | From: Brent Sims <brent@xxxxxxxxxxx>
  | Reply-To: cobalt-security@xxxxxxxxxxxxxxx
  | To: cobalt-security@xxxxxxxxxxxxxxx
  | Subject: Re: [cobalt-security] consistently pounded
  | 
  | On Tue, 23 May 2000, Theodore Jones so wrote:
  | 
  | } So why isn't there a simple way to have a script watch the error log report
  | } and just add certain IP numbers to the hosts.deny file...?
  | 
  | 	I have not actually looked at the configuration file but tcp
  | wrappers does not watch the httpd port by default.

It would also require a change in the way http is run.

  | 
  | } > I would strongly discourage tcp wrappers on the http port. You will get a
  | } > huge performance hit.  one of the ways that a web server can be so fast is
  | } > because it has several daemons running and waiting for connections.
  | 
  | 	While the performance hit is indeed correct, the attack, as
  | I understand things, exists in real time. Thus the choice is to sit
  | back and watch hoping for the best, or to take some form of
  | proactive action. 
  | 

The best option that was mentioned is to add the 
deny ip.ip.ip.ip 
to the .htaccess file.

This will just deny them altogether and not even put up the passwd
prompt on the client end.

-adam
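
The approach discussed in this thread (watch the error log, then deny the offending addresses in .htaccess), as an added example that is not from any list participant. The log line layout, the threshold, the function names and the `Order`/`Allow from`/`Deny from` directives of Apache's host-based access control are assumptions; the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the style of an Apache error log (assumed format).
SAMPLE_LOG = """\
[Tue May 23 21:20:01 2000] [error] [client 192.0.2.10] user admin: authentication failure for "/admin": password mismatch
[Tue May 23 21:20:02 2000] [error] [client 192.0.2.10] user admin: authentication failure for "/admin": password mismatch
[Tue May 23 21:20:03 2000] [error] [client 192.0.2.10] user root not found: /admin
[Tue May 23 21:20:04 2000] [error] [client 198.51.100.7] user bob: authentication failure for "/admin": password mismatch
[Tue May 23 21:20:05 2000] [error] [client 192.0.2.10] File does not exist: /home/sites/home/web/robots.txt
[Tue May 23 21:20:06 2000] [error] [client 999.1.1.1] user x: authentication failure for "/admin": password mismatch
"""

# Only failed-login lines count; ordinary 404 noise is ignored.
CLIENT_RE = re.compile(
    r"\[error\] \[client ([^\]\s]+)\] user .*(authentication failure|not found)"
)

def failed_auth_counts(log_text):
    """Count failed-authentication log lines per client address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m:
            continue
        try:
            # Validate before the value ever reaches a config file:
            # log content is partly attacker-controlled.
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        counts[str(ip)] += 1
    return counts

def htaccess_deny_block(counts, threshold=3, never_block=()):
    """Build .htaccess access-control lines for clients at or over threshold."""
    offenders = sorted(ip for ip, n in counts.items()
                       if n >= threshold and ip not in never_block)
    lines = ["Order allow,deny", "Allow from all"]
    lines += [f"Deny from {ip}" for ip in offenders]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(htaccess_deny_block(failed_auth_counts(SAMPLE_LOG)), end="")
```

Pass your own management addresses in `never_block` so a mistyped password cannot lock out the administrator, and review the generated block before installing it.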



