Date: Wed, 30 May 2012 19:18:11 -0500 (CDT)
From: Robert Bonomi <bonomi@mail.r-bonomi.com>
To: jbiquez@intranet.com.mx
Cc: freebsd-questions@freebsd.org
Subject: Re: Firewall, blocking POP3
Message-ID: <201205310018.q4V0IBBL020440@mail.r-bonomi.com>
In-Reply-To: <3421248490-1670043744@intranet.com.mx>

> From jbiquez@intranet.com.mx Wed May 30 13:48:05 2012
> Date: Wed, 30 May 2012 13:47:34 -0500
> To: Robert Bonomi <bonomi@mail.r-bonomi.com>
> From: Jorge Biquez <jbiquez@intranet.com.mx>
> Subject: Re: Firewall, blocking POP3
> Cc: freebsd-questions@freebsd.org
>
> Hello.
>
> Thanks a lot! Simple and elegant solution.
>
> I just did that and of course it worked.... I just was wondering...
> what if I need to have the service working BUT want to block those
> break attempts? In this and other services?
> My guess is that it is a never ending process? I mean, block one,
> block another, another, etc?

If one knows the address-blocks that legitimate customers will be using,
one can block off access from 'everywhere else'.

> What are the people who have big servers running for hosting services
> doing? Or do you just have a policy of strong passwords, server
> up-to-date and let the attempts try forever?

There are tools like 'fail2ban' that can be used to lock out persistent
doorknob-rattlers.

Also, one can do things like allow mail access (POP, IMAP, 'whatever')
only via a port that is 'tunneled' through an SSH/SSL connection. This
eliminates almost all doorknob rattling on the mail access ports, but gets
lots of attempts on the SSH port. Which is generally not a problem, since
the SSH keyspace is vastly larger, and more evenly distributed, than that
for plaintext passwords.

To eliminate virtually all the 'noise' from SSH doorknob-rattling, run it
on a non-standard port. This does =not= increase the actual security of
the system, but it does greatly reduce the 'noise' in the logs -- so any
actual attack attempt is much more obvious.
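
The lockout idea from the reply above, combined with its suggestion to exempt known customer address-blocks, as an added example that is not part of the original message and is not fail2ban's code. The `pop3d: LOGIN FAILED` log format, the addresses, the threshold and the window are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the "pop3d: LOGIN FAILED" format is hypothetical.
SAMPLE_LOG = """\
May 30 13:01:02 mx pop3d: LOGIN FAILED user=admin ip=203.0.113.7
May 30 13:01:05 mx pop3d: LOGIN FAILED user=root ip=203.0.113.7
May 30 13:01:11 mx pop3d: LOGIN FAILED user=test ip=203.0.113.7
May 30 13:02:00 mx pop3d: LOGIN OK user=jorge ip=198.51.100.20
May 30 13:05:00 mx pop3d: LOGIN FAILED user=info ip=192.0.2.55
May 30 13:40:00 mx pop3d: LOGIN FAILED user=info ip=192.0.2.55
May 30 13:40:03 mx pop3d: LOGIN FAILED user=info ip=192.0.2.55
May 30 13:41:00 mx pop3d: LOGIN FAILED user=jorge ip=198.51.100.20
May 30 13:41:05 mx pop3d: LOGIN FAILED user=jorge ip=198.51.100.20
May 30 13:41:09 mx pop3d: LOGIN FAILED user=jorge ip=198.51.100.20
"""

FAIL_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ pop3d: LOGIN FAILED user=\S+ ip=(\S+)$")

def find_offenders(lines, trusted_nets, max_failures=3,
                   window=timedelta(minutes=10), year=2012):
    """Source IPs outside trusted_nets with max_failures failures in window."""
    # Lines must be in time order; syslog has no year, so the caller gives one.
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    offenders = []
    for line in lines:
        m = FAIL_RE.match(line.strip())
        if not m:
            continue              # successful logins and unrelated lines
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue              # malformed address field: ignore the line
        if any(ip in net for net in trusted):
            continue              # known customer block: never locked out
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures and str(ip) not in offenders:
            offenders.append(str(ip))
    return offenders
```

With `198.51.100.0/24` passed as the trusted customer block, only the address with three failures inside ten minutes is returned; the slow retries from `192.0.2.55` fall outside the window.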