[CentOS] what percent of time are there unpatched exploits against default config?

Alex Milojkovic centos at businessforce.ca
Mon Jan 2 05:47:56 UTC 2012


I actually found a link on APNIC's web site to their IPv4 netblocks which
helped me eliminate their traffic.

http://www.apnic.net/publications/research-and-insights/ip-address-trends/apnic-resource-range

This solved most of my problems.
There are not as many lines as one would expect.
Just go to other NICs and look for this info.

-Alex





-----Original Message-----
From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf
Of Nataraj
Sent: Sunday, January 01, 2012 3:26 PM
To: centos at centos.org
Subject: Re: [CentOS] what percent of time are there unpatched exploits
against default config?

On 12/30/2011 09:02 PM, Alex Milojkovic wrote:
> Scenario of botnet with 1000 PCs making attempts to crack are password
> ain't gonna happen.
>
On one system that I run, for a fairly popular domain, I see botnet attacks
trying to break in to the pop and ftp ports as well as botnet spam and SASL
auth attacks on the smtp port.  My ssh port is not open to the outside
world.

The attacks come and go in waves, but if I don't use various limiting tools,
they will try sometimes to make as many as 50 simultaneous connections to my
server.  I saw this the worst with spam on the smtp port.

fail2ban is not so effective on botnet attacks.  Newer versions of postfix
include postscreen, a front end which blocks botnet attacks (but only for
smtp connections).  I plan to install it.

I have found that most of the attacks are coming from China, South Korea,
Japan, Russia, various South American countries.  I would like to start
blocking access to certain services from some countries.  I've been
considering using ipdeny.com data.

Does ipset work with the existing kernel under CentOS 5 and if so is there
an RPM available?  I've googled around a bit, but haven't found anything.
From http://ipset.netfilter.org/ I'm led to believe that the current kernel
should support it.

Nataraj
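
Added example, not part of the original thread: one way to turn a one-CIDR-per-line netblock list (the layout of per-country zone files) into `ipset restore` input, merging adjacent and overlapping ranges and rejecting malformed lines. The set names `geoblock` and `geoblock-new` are hypothetical, the sample ranges are constructed from documentation and benchmark address space, and the output assumes the ipset 6 or later `hash:net` syntax.

```python
import ipaddress

# Constructed sample in one-CIDR-per-line layout. All ranges are
# documentation/benchmark space, not real country allocations.
SAMPLE_ZONE = """\
# constructed sample
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
203.0.113.64/26
198.18.0.0/16
198.19.0.0/16
not-a-network
192.0.2.77/24
"""

def parse_zone(text):
    """Return (networks, rejected_lines) from one-CIDR-per-line text."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True refuses entries with host bits set (192.0.2.77/24)
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            rejected.append(line)
    return nets, rejected

def build_restore(nets, live="geoblock", tmp="geoblock-new"):
    """Build `ipset restore` input: fill a temp set, then swap it in."""
    # Merging siblings and dropping contained subnets keeps the set small.
    merged = list(ipaddress.collapse_addresses(nets))
    lines = [f"create {live} -exist hash:net family inet",
             f"create {tmp} -exist hash:net family inet",
             f"flush {tmp}"]
    lines += [f"add {tmp} {n}" for n in merged]
    # swap replaces the live contents in one step, so rules never see a
    # half-filled set while the list is being refreshed.
    lines += [f"swap {tmp} {live}", f"destroy {tmp}"]
    return merged, "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, rejected = parse_zone(SAMPLE_ZONE)
    merged, script = build_restore(nets)
    print(script, end="")
    print(f"# {len(nets)} parsed, {len(merged)} after merge, rejected: {rejected}")
```

The output is meant to be fed to `ipset restore`; a firewall rule limited to the affected service ports can then reference the set with the iptables `set` match (`-m set --match-set geoblock src` in current iptables).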
