[Gllug] honeypots and iptables redirects?

Chris Bell chrisbell at overview.demon.co.uk
Sat Sep 3 18:39:14 UTC 2005


On Sat 03 Sep, Benedikt Heinen wrote:
> Seeing how many people just try ssh brute force break-in attempts is 
> starting to make me feel sick... :-(

   I have an old 486 box running as a transparent bridge between my ADSL
modem and my main firewall box, so I can run ebtables and/or iptables to
identify and simply drop unwanted packets before they even see the firewall
box. I can limit the number of new connection attempts by source IP,
destination IP, service, and port.  Bridge control on Debian Sarge makes it
incredibly easy.

   One thing I have not yet done, but may soon need to investigate, is to
block incoming POP3 mail by its numerical source IP address. Named abuse
administrators are sometimes unreachable or do not attempt to clean up
problem sources, so I would prefer to block all mail from their IP address
blocks.

-- 

Chris Bell

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
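
The per-source limit on new connection attempts described in the message above could be written as the following ruleset generator. This is an added example, not part of the original post or the poster's own configuration; the interface name `eth0`, TCP port 22, the threshold of 4 new connections per 60 seconds, and the chain and list names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Emits an iptables-restore
# ruleset for a transparent bridge that drops a source IP once it opens
# too many NEW TCP connections to one port within a time window.
# Assumed values: WAN-side bridge port eth0, TCP port 22, 4 hits per 60 s.
# Bridged frames only reach iptables when bridge netfilter is enabled
# (net.bridge.bridge-nf-call-iptables=1 on current kernels).

bridge_ratelimit_rules() {
    wan=$1 port=$2 hits=$3 secs=$4
    for n in "$port" "$hits" "$secs"; do
        case $n in
            ''|*[!0-9]*) echo "port, hits and secs must be integers" >&2; return 1 ;;
        esac
    done
    case $wan in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $wan" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    # The recent match historically remembers 20 packets per address
    # (ip_pkt_list_tot), so this example caps hits at 20.
    if [ "$hits" -lt 1 ] || [ "$hits" -gt 20 ]; then
        echo "hits must be 1..20" >&2; return 1
    fi
    if [ "$secs" -lt 1 ]; then
        echo "secs must be at least 1" >&2; return 1
    fi
    list="newconn_$port"
    # --set records every NEW connection per source address; --update then
    # drops the source once $hits of them fall inside $secs seconds, and
    # keeps it blocked for as long as it goes on trying.
    cat <<EOF
*filter
:NEWCONN - [0:0]
-A FORWARD -m physdev --physdev-in $wan -p tcp --dport $port -m conntrack --ctstate NEW -j NEWCONN
-A NEWCONN -m recent --name $list --set
-A NEWCONN -m recent --name $list --update --seconds $secs --hitcount $hits -j DROP
-A NEWCONN -j RETURN
COMMIT
EOF
}

# With hits=4 the fourth NEW connection inside 60 s is dropped.
bridge_ratelimit_rules eth0 22 4 60
```

Validate the output with `iptables-restore --test` first; loading it without `--noflush` replaces the current filter table.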



