On Thu, May 14, 2009 at 5:48 PM, Bill Campbell <centos@celestial.com> wrote:
On Thu, May 14, 2009, James B. Byrne wrote:
Over the weekend one of our servers at a remote location was hammered by an IP originating in mainland China. This attack was only noteworthy in that it attempted to connect to our pop3 service.
You might look at fail2ban which can automatically create iptables blocks when things like this happen.
Bill
INTERNET: bill@celestial.com Bill Campbell; Celestial Software LLC URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way Voice: (206) 236-1676 Mercer Island, WA 98040-0820 Fax: (206) 232-9186 Skype: jwccsllc (206) 855-5792
Manual, n.: A unit of documentation. There are always three or more on a given item. One is on the shelf; someone has the others. The information you need is in the others. -- Ray Simard
fail2ban does a good job of automatically blocking any IP which constantly tries to log in to any service with an incorrect password.
Another option, with even more control, is ConfigServer firewall (or other firewalls), which can monitor various aspects of your network and block unwanted users on demand.
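
The mechanism the replies above attribute to fail2ban (repeated failed logins from one IP leading to an iptables block), sketched as an added example that is not part of the original thread and is not fail2ban's own code. The dovecot-style log lines, the thresholds, the year and the function names are assumptions; `maxretry` and `findtime` borrow the names of fail2ban's jail options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a dovecot-style syslog format (assumed: the thread does
# not name the POP3 daemon). Addresses are from the documentation ranges.
SAMPLE_LOG = """\
May  9 03:10:01 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<admin>, rip=203.0.113.7, lip=192.0.2.10
May  9 03:10:04 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<root>, rip=203.0.113.7, lip=192.0.2.10
May  9 03:10:09 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<test>, rip=203.0.113.7, lip=192.0.2.10
May  9 08:00:00 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<alice>, rip=198.51.100.20, lip=192.0.2.10
May  9 08:30:00 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<alice>, rip=198.51.100.20, lip=192.0.2.10
May  9 08:30:20 mail dovecot: pop3-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.20, lip=192.0.2.10
May  9 09:00:00 mail dovecot: pop3-login: Aborted login (auth failed, 1 attempts): user=<alice>, rip=198.51.100.20, lip=192.0.2.10
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ dovecot: pop3-login: "
                    r".*auth failed.*\brip=(\d{1,3}(?:\.\d{1,3}){3})\b")

def find_bans(lines, maxretry=3, findtime=timedelta(minutes=10), year=2009):
    """Return {ip: time of the failure that reached maxretry within findtime}."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    bans = {}
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue              # successful logins and other lines are ignored
        stamp = " ".join(m.group(1).split())   # collapse syslog's padded day
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans:
            continue              # already blocked
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # drop failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans

def block_rule(ip, port=110):
    """iptables rule text for the block (printed only, never executed here)."""
    return f"iptables -I INPUT -s {ip} -p tcp --dport {port} -j DROP"

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG.splitlines()).items():
        print(f"{when:%b %d %H:%M:%S} ban {ip}: {block_rule(ip)}")
```

The second address in the sample mistypes a password three times over an hour and is not blocked under the assumed defaults, which is the trade-off `maxretry` and `findtime` control.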