Server Probing
m.roth at 5-cent.us
m.roth at 5-cent.us
Tue Jan 29 16:54:28 UTC 2013
Stephen Gilbert wrote:
>
>
> On Tue, Jan 29, 2013 at 11:18 AM, Florez, Nestor <NFlorez at sdcwa.org>
> wrote:
>
>> Hi,
>>
>> I apologize is this is the wrong place to ask about probing.
>>
>> Some of our servers were probed back on the 24th of January
>> By these IP addresses
<snip>
>> And in the last 24 hours by these IP addresses
<snip>
> I use iptables to lock down any ports I don't want exposed, then use
> fail2ban to block people trying to brute force their way in.
Second on fail2ban. We use it here at work, and we get scanned a *lot*,
both by the security team, and a lot of places around the world - Brazil,
China, Germany (did I mention China), etc - but we're a US government
facility, and so an obvious target.
mark
More information about the redhat-list
mailing list