Re: [opensuse] More dictionary attacks
- From: Richard Creighton <ricreig@xxxxxxxxx>
- Date: Wed, 18 Jul 2007 09:08:29 -0400
zoran wrote:
Richard,
Try to congigure your router, actually ban intruders IP in router., if
possible depends on manufacture. This wil save you a lot of time and it's
much more relaible.
Kind regards,
Zoran
<snip>
I feel this is probably impractical simply because the IP of the
attacker never repeats so every attack would be from an IP that is not
in the list. What I need is a DYNAMICly created list, which is what I
thought the 'recent' feature of iptables was supposed to do. I still
haven't given up hope that this worm (if that is what it is) is
stoppable using this feature but it appears to come in from a different
IP *and* a different PORT each attack, making it hard to trap until the
attack actually starts. In fact, the port changes *during* the attack.
So far, I have not seen anything I can get my teeth into but the
router seems to be too low a level to detect/trap this beast.
Richard
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
- References:
- [opensuse] More dictionary attacks
- From: Richard Creighton
- Re: [opensuse] More dictionary attacks
- From: Richard Creighton
- Re: [opensuse] More dictionary attacks
- From: koffiejunkie
- Re: [opensuse] More dictionary attacks
- From: zoran
- [opensuse] More dictionary attacks
- Prev by Date: Re: [opensuse] Cannot shut down
- Next by Date: Re: [opensuse] Re: HI-JACKED THREAD, was: dictionary attacks / [$HOME NFS-mounted]
- Previous by thread: Re: [opensuse] More dictionary attacks
- Next by thread: [opensuse] Loosing KDE settings (again)
- Index(es):
Relevant Pages
|
