Ruminations on an SSH attack
Bruce Dawson
jbd at codemeta.com
Mon Dec 19 13:22:00 EST 2005
Ben Scott wrote:
>On 12/19/05, Bruce Dawson <jbd at codemeta.com> wrote:
>
>
>>I wish there was something like RBL that listed bogons so I could
>>block them. A lot of attacks lately have been coming from them.
>>
>>
>
>http://www.cymru.com/Bogons/
>
>I'm not sure those are the bogons you are looking for, though.
>
>
They are.
And this could cut down on the spam coming from bogons (for those who
use sendmail):
FEATURE(dnsbl, `bogons.dnsiplists.completewhois.com',
`$&{client_addr} blocked by firewall, source IP not assigned (Bogon).'
(Courtesy of
http://moongroup.com/pipermail/mailhelp/2004-October/001449.html)
But I guess a better place to stop them would be in tcpwrappers or even
the firewall, but I haven't figured out a way to wedge something like
RBL into tcpwrappers or iptables/ipchains. Any ideas?
--Bruce
More information about the gnhlug-discuss
mailing list