[CentOS] what percent of time are there unpatched exploits against default config?
Alex Milojkovic
centos at businessforce.caMon Jan 2 05:47:56 UTC 2012
- Previous message: [CentOS] what percent of time are there unpatched exploits against default config?
- Next message: [CentOS] sa-update error with perl
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I actually found a link on Apnic's web site to their IPv4 netblocks which helped me eliminate their traffic. http://www.apnic.net/publications/research-and-insights/ip-address-trends/ap nic-resource-range This solved most of my problems. There are not as many lines as one would expect. Just go to other NICs and look for this info -Alex -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Nataraj Sent: Sunday, January 01, 2012 3:26 PM To: centos at centos.org Subject: Re: [CentOS] what percent of time are there unpatched exploits against default config? On 12/30/2011 09:02 PM, Alex Milojkovic wrote: > Scenario of botnet with 1000 PCs making attempts to crack are password ain't gonna happen. > On one system that I run, for a fairly popular domain, I see botnet attacks trying to break in to the pop and ftp ports as well as botnet spam and SASL auth attacks on the smtp port. My ssh port is not open to the outside world. The attacks come and go in waves, but If I don't use various limiting tools, they will try sometimes to make as many as 50 simultaneous connections to my server. I saw this the worst with spam on the smtp port. fail2ban is not so effective on botnet attacks. Newer version of postfix include postscreen, a front end which blocks botnet attacks (but only for smtp connections). I plan to install it. I have found that most of the attacks are coming from china, south korea, japan, russia, various south american countries. I would like to start blocking access to certain services from some countries. I've been considering using ipdeny.com data. Does ipset work with the existing kernel under CentOS 5 and if so is there an RPM available? I've goggled around a bit, but haven't found anything. >From http://ipset.netfilter.org/ I'm led to believe that the current kernel should support it. Nataraj _______________________________________________ CentOS mailing list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
- Previous message: [CentOS] what percent of time are there unpatched exploits against default config?
- Next message: [CentOS] sa-update error with perl
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list