From: Yawar Amin <yawar.amin@gmail.com>
To: linux-newbie@vger.kernel.org
Subject: Re: understanding netstat -ap
Date: Mon, 19 Sep 2005 04:10:26 +0800
Message-ID: <efc7f7d0050918131057cb52d8@mail.gmail.com>
In-Reply-To: <200509181455.38918.eric@cisu.net>

On 9/19/05, Eric Bambach <eric@cisu.net> wrote:
[...]
>  Although it won't stop the connections, what pam_abl does is auto-blacklist
> the host after so many failed attempts. They can still try to log in and it
> looks like they're authenticating but even if they have a correct
> username/password pair they will be denied! It's quite a nifty module.
[...]

We're facing this problem also. We've considered auto-blacklisting
hosts like you say, but what if these hosts are actually simply
zombies taken over for launching brute force attacks, or external IP
addresses for a whole range of NAT'd hosts, any one of which might be
the attacker, and the rest innocent bystanders?

You could remove them from the blacklist after a while, perhaps. Or
maybe not. The problem remains: how to blacklist them very swiftly
when it's decided they're trying a brute force, and then whitelist
them again after a while so that nobody else suffers because of the
bad guys.

-- 
Yawar
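
One way to get both halves of what the message asks for, a swift block and an automatic un-block, is a sliding failure window combined with a ban that expires on its own. The Python below is an added example, not code from pam_abl or from anyone in this thread; the class name, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class TempBlocklist:
    """Block a host after max_failures failed logins within `window` seconds,
    and lift the block automatically `ban` seconds after it was imposed."""

    def __init__(self, max_failures=3, window=60, ban=300):
        self.max_failures, self.window, self.ban = max_failures, window, ban
        self.failures = defaultdict(deque)  # host -> times of recent failures
        self.blocked_until = {}             # host -> time the block expires

    def is_blocked(self, host, now):
        until = self.blocked_until.get(host)
        if until is not None and now >= until:
            del self.blocked_until[host]    # ban served: host is allowed again
            until = None
        return until is not None

    def attempt(self, host, password_ok, now):
        """Return True if this login is allowed, False if it is denied."""
        if self.is_blocked(host, now):
            return False                    # denied even with a correct password
        if password_ok:
            return True                     # failures age out, they are not reset
        recent = self.failures[host]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.blocked_until[host] = now + self.ban
            del self.failures[host]
        return False


# Constructed sample events: (seconds, source host, password correct?)
EVENTS = [
    (0, "203.0.113.7", False), (5, "203.0.113.7", False),
    (10, "203.0.113.7", False),   # third failure in 60 s: blocked until t=310
    (20, "203.0.113.7", True),    # right password, still inside the ban
    (25, "198.51.100.20", True),  # unrelated host is unaffected
    (309, "203.0.113.7", True),   # one second before expiry
    (310, "203.0.113.7", True),   # ban expired: host is let in again
]


def replay(events, **limits):
    bl = TempBlocklist(**limits)
    return [bl.attempt(host, ok, t) for t, host, ok in events]
```

`replay(EVENTS)` returns one allow/deny decision per event. A short ban limits how long bystanders behind the same NAT address are locked out, at the cost of letting the attacker resume sooner.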