On Wed, 05 Jul 2006 16:48:02 +0200, Nikola said:
> When one of the servers detects 5 logins in a row from the same IP address
> in a given time, it marks that IP and stores it in a database... and when other hosts
> detect failed logins... they check the database and, if the host is marked BAD, they put
> it in IPTABLES -j DROP.
>
> With this approach I have a ring of detect/protect systems that guards from
> potential 31337 crackers......
>
> The whole idea is bigger than this... but I leave it to your imagination... because
> it's really easy to extend this idea to anything......
In many cases, it's a lot easier to just use iptables or Windows IPSEC
filtering to only allow packets from the 2 or 3 /16's of addresses that *should*
be connecting, and just deny the others.
Remember - estimates are from 1 to 10 million zombie boxes out there. Trying
to ban them one by one is a losing proposition, they're being created faster
than you can ban them.
Received on Jul 05 2006
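The two approaches in the exchange above, as an added example that is not code from either poster: a sliding-window counter that implements the "5 failed logins from one IP in a given time" rule and emits the per-IP DROP rules Nikola's hosts would insert, beside a generator for the allowlist the reply recommends (accept a few /16s, drop the rest). The sshd log lines, hostnames, addresses, the 600-second window and the /16 ranges are constructed for the example; the functions only build iptables command strings and execute nothing, so it runs unprivileged.

```python
"""Added example (not from the original thread): detect-and-ban vs. allowlist.

1. Nikola's scheme: count failed logins per source IP inside a time window and,
   once an IP reaches the threshold, emit an iptables DROP rule for it.
2. The reply's alternative: accept only the few /16 ranges that should be
   connecting and drop everything else, so single zombies never need banning.

Log format, threshold, window and network ranges are assumptions for the example.
"""
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in OpenSSH "Failed password" syslog style.
# Hosts and addresses are hypothetical; syslog lines carry no year, so 2006 is assumed.
# 203.0.113.9 fails 5 times in 8 seconds; 198.51.100.7 fails 5 times 15 minutes apart.
SAMPLE_LOG = """\
Jul  5 16:40:01 web1 sshd[2001]: Failed password for root from 203.0.113.9 port 40001 ssh2
Jul  5 16:40:03 web1 sshd[2002]: Failed password for root from 203.0.113.9 port 40002 ssh2
Jul  5 16:40:05 web1 sshd[2003]: Failed password for admin from 203.0.113.9 port 40003 ssh2
Jul  5 16:40:07 web1 sshd[2004]: Failed password for admin from 203.0.113.9 port 40004 ssh2
Jul  5 16:40:09 web1 sshd[2005]: Failed password for invalid user test from 203.0.113.9 port 40005 ssh2
Jul  5 16:41:00 web1 sshd[2006]: Failed password for bob from 198.51.100.7 port 50001 ssh2
Jul  5 16:55:00 web1 sshd[2007]: Failed password for bob from 198.51.100.7 port 50002 ssh2
Jul  5 17:10:00 web1 sshd[2008]: Failed password for bob from 198.51.100.7 port 50003 ssh2
Jul  5 17:25:00 web1 sshd[2009]: Failed password for bob from 198.51.100.7 port 50004 ssh2
Jul  5 17:40:00 web1 sshd[2010]: Failed password for bob from 198.51.100.7 port 50005 ssh2
Jul  5 16:42:00 web1 sshd[2011]: Accepted password for alice from 192.0.2.44 port 60001 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>[\d.]+) port"
)


def parse_failures(log_text, year=2006):
    """Yield (timestamp, ip) for every failed-login line; other lines are ignored."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        yield ts, m.group("ip")


def find_offenders(events, threshold=5, window_seconds=600):
    """Return IPs that produced `threshold` failures within any `window_seconds` span.

    Events are processed in time order; each IP keeps a deque of its recent
    failures and old entries fall off the front, so a slow attacker spacing
    attempts further apart than the window is never marked (a known gap of
    this kind of rule, not a bug in the code).
    """
    recent = defaultdict(deque)
    banned = []
    for ts, ip in sorted(events):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and ip not in banned:
            banned.append(ip)
    return banned


def ban_rules(ips):
    """Nikola's approach: one DROP rule per marked IP, inserted at the top of INPUT."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]


def allowlist_rules(allowed_nets, port=22):
    """The reply's approach: a chain that ACCEPTs the expected ranges and DROPs the rest.

    Rules are appended in order, so the trailing DROP catches every source
    not matched above it. strict=True rejects a prefix with host bits set
    (e.g. "192.0.2.0/16"), which would otherwise silently widen the allowlist.
    """
    rules = ["iptables -N SSH_ALLOW",
             f"iptables -A INPUT -p tcp --dport {port} -j SSH_ALLOW"]
    for net in allowed_nets:
        n = ipaddress.ip_network(net, strict=True)
        rules.append(f"iptables -A SSH_ALLOW -s {n} -j ACCEPT")
    rules.append("iptables -A SSH_ALLOW -j DROP")
    return rules


def is_allowed(ip, allowed_nets):
    """Decision the allowlist chain makes for one source address."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=True) for n in allowed_nets)


if __name__ == "__main__":
    offenders = find_offenders(parse_failures(SAMPLE_LOG))
    print("\n".join(ban_rules(offenders)))
    nets = ["10.20.0.0/16", "10.30.0.0/16"]  # assumed "should be connecting" ranges
    print("\n".join(allowlist_rules(nets)))
    print("203.0.113.9 allowed:", is_allowed("203.0.113.9", nets))
```

With the default 600-second window only 203.0.113.9 is marked; 198.51.100.7 never has five failures inside one window, which is exactly the class of patient, distributed attacker the reply has in mind. Under the allowlist neither address is inside the expected /16s, so both are dropped without any host ever having to detect them.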