Date: Thu, 05 May 2005 10:04:17 -0600
From: Ed Stover <estover@nativenerds.com>
To: Alex Teslik <alex@acatysmoof.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: dynamically limit ip connections to ports over time?
Message-ID: <427A4401.30105@nativenerds.com>
In-Reply-To: <20050504021412.M91151@acatysmoof.com>
References: <20050504021412.M91151@acatysmoof.com>

Alex Teslik wrote:
> Hi all,
>
> I have been running a FreeBSD box for a few years. Over this time spammers
> and other unfriendlies have found my box and have been attacking at a slowly
> increasing rate. Every night the daily periodic scripts run and report to me
> the number of rejected mail hosts. Last week, one of the rejected mail hosts
> had the number of rejections listed at 3000. My hard drive has been getting
> louder and louder as it gets busier rejecting and logging all of these and now
> I would like to do something about it... but I'm not sure what I can do. When
> the hard drive is at its busiest I see mail being virus and spam scanned at a
> dizzying rate (tail -f /var/log/maillog), hence the hard drive grinding.
> What I would LIKE to do is allow any ip to connect to a port for a
> specified number of times per minute. If they connect too many times then I
> would like to freeze them out for a specified amount of time. This solution
> should be dynamic so that I don't need to constantly monitor the offending ip
> addresses.

<snipped>

Here is an idea: try greylisting for denying spam and portsentry to keep the
unfriendlies blocked. Both programs are fairly simple to set up and maintain.
Greylisting will deny incoming email for a set amount of retries and time, thus
you only get mail from real mail servers because spammers don't usually try
resending the spam after the initial list has run. Portsentry is designed to
detect incoming scans and block/deny the IP afterwards. It is kinda like a honey
pot but funner ;)
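
The greylisting behaviour described in the reply above, as an added example that is not part of the original message and not code from any real greylisting package. The timing constants, the SMTP reply text and the sample addresses are assumptions chosen for illustration.

```python
# Added illustration of greylisting decision logic (not from the original e-mail).
from dataclasses import dataclass, field

MIN_DELAY = 300          # assumed: seconds a new triplet must wait before a retry counts
RETRY_WINDOW = 4 * 3600  # assumed: the retry must arrive within this long of the first try
PASS_TTL = 36 * 86400    # assumed: how long a triplet that passed stays trusted

DEFER = "451 4.7.1 Greylisted, try again later"  # temporary failure: real MTAs queue and retry
ACCEPT = "250 OK"


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: dict = field(default_factory=dict)      # triplet -> time of last accepted mail

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= PASS_TTL:
            self.passed[key] = now          # known-good triplet: no delay at all
            return ACCEPT
        self.passed.pop(key, None)          # expired entry, start over
        seen = self.first_seen.get(key)
        if seen is None or now - seen > RETRY_WINDOW:
            self.first_seen[key] = now      # first contact, or the retry came far too late
            return DEFER
        if now - seen < MIN_DELAY:
            return DEFER                    # retried too quickly, keep deferring
        del self.first_seen[key]
        self.passed[key] = now              # retried like a real mail server: accept
        return ACCEPT


def replay(events):
    """Run (client_ip, mail_from, rcpt_to, time) tuples through a fresh greylist."""
    gl = Greylist()
    return [gl.check(*e) for e in events]


# Constructed sample traffic (documentation addresses, not from any real log).
SAMPLE = [
    ("192.0.2.10", "news@example.org", "alex@example.net", 0),     # first attempt
    ("192.0.2.10", "news@example.org", "alex@example.net", 60),    # retry too early
    ("192.0.2.10", "news@example.org", "alex@example.net", 900),   # proper retry
    ("198.51.100.7", "x@example.com", "alex@example.net", 100),    # sender that never retries
    ("192.0.2.10", "news@example.org", "alex@example.net", 5000),  # known triplet
]
```

Because the deferral happens before the message body is accepted, a sender that never retries costs no virus or spam scanning.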