[CentOS] what percent of time are there unpatched exploits against default config?

Nataraj incoming-centos at rjl.com
Sun Jan 1 23:25:50 UTC 2012


On 12/30/2011 09:02 PM, Alex Milojkovic wrote:
> Scenario of botnet with 1000 PCs making attempts to crack are password ain't gonna happen. 
>
On one system that I run, for a fairly popular domain, I see botnet
attacks trying to break in to the pop and ftp ports as well as botnet
spam and SASL auth attacks on the smtp port.  My ssh port is not open to
the outside world.

The attacks come and go in waves, but if I don't use various limiting
tools, they will try sometimes to make as many as 50 simultaneous
connections to my server.  I saw this the worst with spam on the smtp port.

fail2ban is not so effective on botnet attacks.  Newer versions of
postfix include postscreen, a front end which blocks botnet attacks (but
only for smtp connections).  I plan to install it.

I have found that most of the attacks are coming from China, South
Korea, Japan, Russia, various South American countries.  I would like to
start blocking access to certain services from some countries.  I've
been considering using ipdeny.com data.

Does ipset work with the existing kernel under CentOS 5 and if so is
there an RPM available?  I've googled around a bit, but haven't found
anything.  From http://ipset.netfilter.org/ I'm led to believe that the
current kernel should support it.

Nataraj
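
Added example (not part of the original message): one way to turn a per-country zone file of the kind ipdeny.com publishes into `ipset restore` input, so the set can be matched by per-service firewall rules. It assumes ipset v6+ syntax and a zone file with one IPv4 CIDR per line; the set name `blk-mail`, the /8 minimum prefix and the sample data are illustrative choices.

```shell
# Added example. Assumes ipset v6+ syntax (hash:net, swap) and an
# ipdeny-style zone file: one IPv4 CIDR per line.

# zone_to_restore SETNAME < zonefile
# Prints `ipset restore` input that fills SETNAME-new and swaps it into
# SETNAME, so the live set is never empty during a reload.
zone_to_restore() {
    awk -v set="$1" '
    function valid_cidr(s,    p, o, i) {
        if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
        split(s, p, "/")
        # Local policy choice: refuse prefixes shorter than /8, so one bad
        # line cannot block a large part of the Internet.
        if (p[2] + 0 < 8 || p[2] + 0 > 32) return 0
        split(p[1], o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return 0
        return 1
    }
    BEGIN {
        printf "create %s hash:net family inet -exist\n", set
        printf "create %s-new hash:net family inet -exist\n", set
        printf "flush %s-new\n", set
    }
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }      # strip comments, blanks, CRs
    $0 == "" { next }
    !valid_cidr($0) { print "skipped: " $0 | "cat 1>&2"; next }
    !seen[$0]++ { n++; printf "add %s-new %s\n", set, $0 }   # drop duplicates
    END {
        # An empty or corrupt download must not wipe the live set.
        if (n == 0) { printf "destroy %s-new\n", set; exit 1 }
        printf "swap %s-new %s\n", set, set
        printf "destroy %s-new\n", set
    }'
}

# Constructed sample input (documentation ranges), not real ipdeny data.
sample_zone() {
    cat <<'EOF'
# constructed zone file
192.0.2.0/24
198.51.100.0/24   # trailing comment
203.0.113.0/24
192.0.2.0/24
300.1.2.0/24
10.0.0.0/33
0.0.0.0/0
EOF
}
```

To apply it, run `zone_to_restore blk-mail < zonefile | ipset restore` as root and reference the set from a per-service rule such as `iptables -I INPUT -p tcp -m multiport --dports 21,110 -m set --match-set blk-mail src -j DROP`. Older ipset and iptables releases use different syntax for set types and for the set match.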
