[Mimedefang] Somewhat OT: Dictionary attacks
Ben Kamen
bkamen at benjammin.net
Wed Jun 9 11:14:42 EDT 2004
I have, and I am also running something like that - I wrote a TCL script that
does exactly what you're talking about...

Its features are:
Routes IPs into the 'route add -blackhole' almost immediately.
Runs continuously based on Tcl's fileevent (so as not to suck CPU time)
Keeps a table in /tmp with timestamps for system reboot recovery of table
Blackholes IPs for 7 days at present (removes/updates stale entries)
Can easily watch for other items as well. (I look for NOQUEUE: Possible Attack)

So far, it's been working really well... results can be seen at:
http://www.benjammin.net/www/pages/spam/cgi-bin/show-blackhole-list
The list is about half of what it normally is at... (about 60-80 entries)

If anyone would like a copy, I'd be happy to oblige. It's a little longer than
Dave's script. Email me directly if interested...

-Ben

David F. Skoll wrote:
> Hi,
>
> Are MIMEDefang list denizens seeing a huge increase in dictionary attacks?
> I know I am.
>
> Below is a shell script I run from cron every 5 minutes to firewall off
> hosts doing harvesting. It's Linux-specific, but can easily be
> adapted for other systems.
>
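
The workflow listed in the post (match a log marker, blackhole the source, keep a timestamped table, expire entries after 7 days), as an added Python example; it is not Ben's Tcl script or Dave's shell script. The log layout after the marker, the allowlist and all function names are assumptions, and the code only returns the IPs to add or release rather than touching the routing table.

```python
import ipaddress
import re

BLOCK_SECONDS = 7 * 24 * 3600        # 7-day blackhole period from the post
MARKER = "NOQUEUE: Possible Attack"  # log text the post says it watches for
NEVER_BLOCK = [ipaddress.ip_network("127.0.0.0/8")]  # assumed allowlist
SAMPLE_LOG = [  # constructed lines; the layout after the marker is an assumption
    "Jun  9 11:00:01 mx sendmail[2101]: NOQUEUE: Possible Attack from [192.0.2.10]",
    "Jun  9 11:00:02 mx sendmail[2102]: i59F02: relay=[198.51.100.7], stat=Sent",
    "Jun  9 11:00:03 mx sendmail[2103]: NOQUEUE: Possible Attack from [999.1.1.1]",
    "Jun  9 11:00:04 mx sendmail[2104]: NOQUEUE: Possible Attack from [127.0.0.1]",
]

def offender(line):
    """Return the validated source IP of a matching log line, else None."""
    _, found, rest = line.partition(MARKER)
    m = re.search(r"\[([0-9a-fA-F:.]+)\]", rest) if found else None
    try:
        ip = ipaddress.ip_address(m.group(1)) if m else None
    except ValueError:               # log text is attacker-influenced; reject junk
        return None
    if ip is None or any(ip in net for net in NEVER_BLOCK):
        return None
    return str(ip)

def load_table(text):
    """Parse persisted 'ip timestamp' rows, skipping malformed ones."""
    table = {}
    for row in text.splitlines():
        ip, _, ts = row.partition(" ")
        try:
            table[str(ipaddress.ip_address(ip))] = int(ts)
        except ValueError:
            continue
    return table

def dump_table(table):
    return "".join(f"{ip} {ts}\n" for ip, ts in sorted(table.items()))

def process(table, lines, now):
    """Update table in place; return (ips_to_blackhole, ips_to_release)."""
    added = []
    for ip in filter(None, map(offender, lines)):
        if ip not in table:
            added.append(ip)
        table[ip] = now              # repeat offenders get a fresh 7 days
    stale = [ip for ip, ts in table.items() if now - ts >= BLOCK_SECONDS]
    for ip in stale:
        del table[ip]
    return added, stale
```

Each address is validated with `ipaddress` before it could reach a route command because both the log text and the saved table can be influenced by other parties.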