Date: Mon, 21 Jan 2008 13:38:07 +0100 From: Willem Jan Withagen <wjw@digiware.nl> To: Jordi Espasa Clofent <jordi.espasa@opengea.org> Cc: freebsd-security@freebsd.org Subject: Re: denyhosts-like app for MySQLd? Message-ID: <4794922F.8090009@digiware.nl> In-Reply-To: <47947587.2010106@opengea.org> References: <47946AD3.2020601@opengea.org> <200801211226.51852.tim@priebe.alt.na> <47947587.2010106@opengea.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jordi Espasa Clofent wrote: >> Hi, >> >> There is a functionality in pf, that allows you to have an application >> to update a list of hosts, that is used in a rule. You could have a >> script harvest the addresses from your log files, and then update the >> table in pf. I have not tried it myself, but was looking at adopting >> an implementation to create a tarpit for spammers based on this idea. > > Yes Tim, I know it. The "problem" is the servers are builded in IPFW as > firewall solution. > I've tried the "limit" IPFW's option... but isn't exactly what I'm > looking for. Have a look at swatch in the ports, and build some rules that add blocking rules to the beginning of your firewall rule set. I've got servers running with > 3500 rules ;), and the box doesn't even notices it. (you can even/easily do things in perl embedded in the rules.) The best suggestion is of course to only let those in, you want to let in. Block others by default. I'm using the above scenario on public mailservers, with harvesting from the postgrey output. And from the ssh log output. --WjW
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4794922F.8090009>