attack
David Cary Hart
Fedora at TQMcube.com
Mon May 9 16:05:06 UTC 2005
On Mon, 2005-05-09 at 10:56 -0500, David Hoffman wrote:
> On 5/9/05, David Cary Hart <Fedora at tqmcube.com> wrote:
> > I use the swatch daemon to move them to the firewall after one attempt.
> > I believe that there is a swatch rpm in extras.
>
> I hope you never mis-type your user name or password.
>
> What happens if you do? Swatch picks it up as a failed attempt, and
> then blocks you? Permanently? Do you have any rules for moving them
> back out of the firewall after some cooling-off period?
>
First of all, swatch can ignore IPs such as the LAN and known hosts.
Thus, the problem of self-inflicted exile is eliminated.
Yes, I do remove SSH and SASL authentication rules firewall after 48
hours (script). I have noticed that, once tarpitted, the NEVER come
back.
BTW, I use swatch to execute scripts that further evaluate the
variables. Swatch updates our DNSBL in real time. Works like a champ.
--
Multi-RBL Check: http://www.TQMcube.com/rblcheck.htm
Kill Spam at the Source: http://www.TQMcube.com/spam_trap.htm
Today's Spam Trap Adds: http://www.TQMcube.com/BlockedToday
RBLDNSD HowTo: http://www.TQMcube.com/rbldnsd.htm
More information about the fedora-list
mailing list