SMTP Attacks

Harold Hallikainen harold at hallikainen.com
Tue Oct 24 18:46:52 UTC 2006


> On Tue, Oct 24, 2006 at 10:43:37AM -0700, Rick Stevens wrote:
>> I'm rather hesitant to post it publicly.  I can only say that these
>> are the networks I've had the most trouble with and the ones that have
>> ignored my requests to block such behavior.  I'm NOT condemning everyone
>> on these networks, but there seems to be a lot of *ssholes on them.
>>
>> Ah, hell, I'll throw caution to the winds.  Here's the iptables rules
>> I've developed:
>>
>> # Block traffic from known spam sources...
>> -A INPUT -s 201.42/15 -p tcp -j DROP
>
> And in other news, Rick Stevens has been named as an additional
> defendant in I360 Insight's lawsuit against The Spamhaus Project....
>
> :-)
>
>
>> -A INPUT -s 200.176.112/21 -p tcp -j DROP
>> -A INPUT -s 202.158.29.0/255.255.255.0 -p tcp -j DROP
>> -A INPUT -s 203.228.187.0/255.255.255.0 -p tcp -j DROP
>> -A INPUT -s 209.223.0.0/255.255.0.0 -p tcp -j DROP
>> -A INPUT -s 218.0.0.0/255.0.0.0 -p tcp -j DROP
>> -A INPUT -s 219.251.88.0/255.255.252.0 -p tcp -j DROP
>
>

I might mess around with another copy of the sshblack script and have it
watch the mail logs and block IP addresses that appear to be attacking the
server. I already have a copy watching the ssh log and another watching
the httpd log.

THANKS!

Harold


-- 
FCC Rules Updated Daily at http://www.hallikainen.com - Advertising
opportunities available!
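
The log-watching approach Harold describes, as an added example that is not part of the original message and is not sshblack's code: it counts suspicious events per source address inside a sliding time window and renders DROP rules in the iptables-save style quoted above. The Postfix-style log patterns, the thresholds, the function names and the restriction to port 25 are assumptions, and the sample lines are constructed using documentation address ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Postfix-style log lines; adapt the patterns to your MTA's real messages.
PATTERNS = [
    re.compile(r"warning: \S+\[(\d+\.\d+\.\d+\.\d+)\]: SASL \w+ authentication failed"),
    re.compile(r"NOQUEUE: reject: RCPT from \S+\[(\d+\.\d+\.\d+\.\d+)\]: 554 "),
]
STAMP = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ")

def offenders(lines, threshold=3, window=timedelta(minutes=5), year=2006, allow=()):
    """Return IPs with >= threshold suspicious events inside `window`, in trip order."""
    recent, blocked = defaultdict(deque), []
    for line in lines:
        stamp = STAMP.match(line)
        hit = next(filter(None, (p.search(line) for p in PATTERNS)), None)
        if not stamp or not hit:
            continue
        ip = hit.group(1)
        if ip in allow or ip in blocked:
            continue  # never block allow-listed hosts; block each address once
        # Syslog timestamps carry no year, so the caller supplies it.
        when = datetime.strptime(f"{year} {stamp.group(1)}", "%Y %b %d %H:%M:%S")
        events = recent[ip]
        events.append(when)
        while when - events[0] > window:  # forget events older than the window
            events.popleft()
        if len(events) >= threshold:
            blocked.append(ip)
    return blocked

def drop_rules(ips, port=25):
    """Render rules in the iptables-save style quoted above, limited to SMTP."""
    return [f"-A INPUT -s {ip}/32 -p tcp --dport {port} -j DROP" for ip in ips]

# Constructed sample log (documentation address ranges, not real hosts).
SAMPLE = """\
Oct 24 18:40:01 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Oct 24 18:40:09 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Oct 24 18:40:15 mx postfix/smtpd[2104]: NOQUEUE: reject: RCPT from unknown[198.51.100.20]: 554 5.7.1 <a@example.org>: Relay access denied
Oct 24 18:40:20 mx postfix/smtpd[2101]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Oct 24 18:41:00 mx postfix/smtpd[2102]: connect from mail.example.net[192.0.2.10]
Oct 24 18:52:00 mx postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[198.51.100.20]: 554 5.7.1 <b@example.org>: Relay access denied
Oct 24 18:58:30 mx postfix/smtpd[2113]: NOQUEUE: reject: RCPT from unknown[198.51.100.20]: 554 5.7.1 <c@example.org>: Relay access denied
""".splitlines()

if __name__ == "__main__":
    print("\n".join(drop_rules(offenders(SAMPLE, allow={"192.0.2.10"}))))
```

With the default five-minute window only the address that failed authentication three times in quick succession is blocked; the address whose three rejections are spread over eighteen minutes is not.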




More information about the Redhat-install-list mailing list