Login attacks

[Kostas Sfakiotakis]

John Summerfield wrote:
> On Thursday 09 December 2004 07:19, Kostas Sfakiotakis wrote:
> 
>>All  i mean is that if someone just start's blocking  entire ranges , then
>>he might very well end up unable to surf half the Internet or even more .
>>Is there a way to block for example the range from
>>64.0.0.1 to 64.0.0.25 leaving the other IP's free ?
> 
> 
> We are talking about blocking incoming connexions. This has no implications 
> for outgoing. 

Using the 64.x.x.x example if you block incoming connections from the
hotmail region of IP's then you can't login to your hotmail account and
check your email . I was thinking of incoming connections too.

> In considering your firewall settings, review what services you offer and to 
> whom.

Am not offering any services since am just a home user . I just have 
sendmail , which
is listening to lo for connections , running since i need it with 
fetchmail.

> At school we have web, incoming and outcoming mail (SMTP and IMAP). And SSH 
> and VPN.
> 
> Web is theoretically accessible to all.
> Ditto incoming mail.
> VPN connexions are only appropriate from our local area.
> Boss travels the world and wants access to his mail; one way to ensure this is 
> make imap accessible to all.
> We'll assume nobody needs ssh connexions outside our area.
> 
> This clarifies what I can and cannot block: I can allow SSH for just our local 
> area, I can allow IMAP to our local area plus the areas the boss is likely to 
> visit, or a means for him to enable it remotely.
> 
> Note that if you're running your own mail service and have secondary MXes, 
> blocking selected areas with firewall rules is likely to be less effective 
> than you might expect; a significant amount of the spam that gets into my 
> setup does so through a designated MX.
> 
> 
> I've recently created separate zones in my shorewall rules to be picky about 
> sources of ssh connexions and it's reduced the incidents of failed logins 
> significantly.
> 
>