[ previous ] [ next ] [ threads ]
 From:  Peter <peter at iwebsl dot com>
 To:  Steve Yates <steve at teamITS dot com>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] loadable block lists
 Date:  Wed, 14 Sep 2005 07:42:36 -0400
Thanks for the reply. 

They could be coming from zombie machines but SSH/telnet definitely not. As I stated in my original
email the new IP's used are declining most attacks are the same IP's over and over. Luckily the new
ones are easy to identify. 

I generally know an attack is coming because there will be multiple hits from whois.sc and netcraft
then one or 2 of the IPs from the block list will show up in the server log. Within a hour I'll get
thousands of hits. 

One attack lasted about 12 hours the same IP's over and over. The requests were all blocked and my
connection throttling prevented DOS but still the fact is they still came through the firewall and
the web server still had to deal with them which is what I'd like to prevent.


On Tue, 13 Sep 2005 09:36:55 -0500, Steve Yates wrote:
> On Tue, 13 Sep 2005 09:15:13 -0400
> Peter <peter at iwebsl dot com> wrote:
>> I run a web site that is continually under attack by script
>> kiddies with password hurlers.
> Is this SSH/telnet?  See http://www.teamITS.com/resources/ for
> one idea.  In our experience these attacks probably run from zombie
> PCs
> since they don't seem to repeat very often, if at all.  Once an IP
> is
> blocked and can't connect it moves on and doesn't try again.  You
> could
> adapt the idea if you are using web authentication, to save the
> connecting IP via your authentication script and programmatically
> add
> your /etc/hosts entries for port 80.
> - Steve Yates
> - ITS, Inc.
> - Nightmare: Cat with opposable thumbs.
> ~ Taglines by Taglinator 4 - www.srtware.com ~
> --------------------------------------------------------------------
> -
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch