Subj : Blocked IP's
To   : Daryl Stout
From : mark lewis
Date : Tue Jul 07 2015 11:20 am


06 Jul 15 11:07, you wrote to MATT BEDYNEK:

MB>> It is like fishing.  Cast a line in the water and eventually you get
MB>> a bite. For these dictionaries are used to crack passwords.  The only
MB>> guessing is in username.  Believe it or not these work quite well
MB>> when the work is distributed among hundreds of compromised zombie hosts.
MB>> If you can change your pop server port it is recommended to close that
MB>> hole entirely.

DS> With VADV32, I've blocked all email IP's, except the incoming ones
DS> from my email server. If they repeatedly try to crash the deal here,
DS> it ends up in the cached IP file (which then refuses the connection
DS> entirely), or I'll put it in the blocked IP address...same result.

The thing I never liked about doing that is that it leaves the server to deal
with the rejections instead of serving answers to requests... one can be DDoSed
by simply having rafts and rats of blocked IPs hitting all at once for a
sustained period... I prefer a dedicated protection system for that purpose...
Then there's the thing about dynamic IPs being in the block lists... most of
those are from compromised machines that get cleaned up and/or get a new IP...
When that happens, the old blocked IP is taking up room and shouldn't be in the
list any more since it is no longer dangerous...

The system I use blocks only known attacks and for a limited random time limit,
after which the IP is removed from the block list... as long as the attacking
IP tries to connect, the blocking limit is extended... the only way out is for
them to move on to another system and let the blocking period elapse... that
allows them to connect normally again, and if they start another attack, they
are blocked again... The system works very well and I do not end up with
thousands of blocked IPs to try to manage manually... my blocking system is
currently managing an average of 300 blocked IPs instead of thousands upon
thousands... Since it is also automated, I'm not burdened with having to
maintain the lists of IPs... I tried that one time before implementing my
current system and found myself spending 10 - 12 hours a day doing nothing but
IP management and not getting anything else done at all...

)\/(ark

... We all know you're a masticator.
---
* Origin:  (1:3634/12.73)
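The blocking scheme Mark describes above (block only on an observed attack, expire the block after a random interval, push the expiry out again while the blocked IP keeps connecting) as an added worked example in Python. This is illustrative code written for this page, not Mark's software or any product's code; the POP3 log format, the three-failure threshold and the 600 to 3600 second interval bounds are assumptions, and the log lines are constructed.

```python
"""Adaptive block list: block on a known attack pattern, expire after a random
interval, and extend the expiry while the attacker keeps hitting the port."""
import random
import re
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample POP3 log (the line format is an assumption for this example).
SAMPLE_LOG = """\
2015-07-06T11:00:01 pop3 203.0.113.7 AUTH FAILED user=admin
2015-07-06T11:00:02 pop3 203.0.113.7 AUTH FAILED user=root
2015-07-06T11:00:03 pop3 203.0.113.7 AUTH FAILED user=mark
2015-07-06T11:00:04 pop3 198.51.100.9 AUTH OK user=daryl
2015-07-06T11:00:05 pop3 203.0.113.7 AUTH FAILED user=postmaster
"""
LINE = re.compile(r"^(?P<ts>\S+) pop3 (?P<ip>[\d.]+) AUTH (?P<result>OK|FAILED)")
THRESHOLD = 3  # assumed: auth failures before an IP counts as a known attack


def _ts(s: str) -> float:
    return datetime.fromisoformat(s).timestamp()


@dataclass
class BlockList:
    min_block: int = 600    # assumed bounds (seconds) of the random block interval
    max_block: int = 3600
    rng: random.Random = field(default_factory=random.Random)
    expiry: dict = field(default_factory=dict)    # ip -> time the block lapses
    failures: dict = field(default_factory=dict)  # ip -> auth failures so far

    def _interval(self) -> int:
        return self.rng.randint(self.min_block, self.max_block)

    def is_blocked(self, ip: str, now: float) -> bool:
        until = self.expiry.get(ip)
        if until is None:
            return False
        if now >= until:
            # The block lapsed: forget the IP so the list never grows unbounded
            # with cleaned-up or re-addressed dynamic hosts.
            del self.expiry[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def on_connect(self, ip: str, now: float) -> bool:
        """True if the connection may proceed. A blocked IP that keeps
        connecting gets its block pushed out by a fresh random interval."""
        if self.is_blocked(ip, now):
            self.expiry[ip] = now + self._interval()
            return False
        return True

    def on_auth_failure(self, ip: str, now: float) -> None:
        n = self.failures.get(ip, 0) + 1
        self.failures[ip] = n
        if n >= THRESHOLD and ip not in self.expiry:
            self.expiry[ip] = now + self._interval()

    def active(self, now: float) -> list:
        return sorted(ip for ip, until in self.expiry.items() if until > now)


def feed_log(bl: BlockList, text: str) -> dict:
    """Replay log lines as connections; returns accept/reject counts and last time."""
    stats = {"accepted": 0, "rejected": 0, "last": 0.0}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        now = _ts(m.group("ts"))
        stats["last"] = now
        if not bl.on_connect(m.group("ip"), now):
            stats["rejected"] += 1
            continue
        stats["accepted"] += 1
        if m.group("result") == "FAILED":
            bl.on_auth_failure(m.group("ip"), now)
    return stats


if __name__ == "__main__":
    bl = BlockList()
    stats = feed_log(bl, SAMPLE_LOG)
    print(stats, "blocked now:", bl.active(stats["last"]))
```

In the sample replay the third failure from 203.0.113.7 triggers the block, the fourth connection from that address is rejected and pushes its expiry out again, and the legitimate 198.51.100.9 session is never touched; once the attacker stops connecting for longer than the interval the entry simply disappears instead of sitting in a list that someone has to prune by hand.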