Blocking dictionary attacks with an adaptive iptables firewall. (CentOS)

As anyone who has ever administered a server exposed to the web knows, the Internet is a hostile place. Our servers are continually bombarded with a never-ending stream of attempts to guess user IDs and passwords, coming from countless botnets whose addresses are constantly changing. I’ve tried a number of approaches to counter these attacks, and I think I have come up with a solution that seems to be working.


Blocking SMTP brute force attacks with iptables on CentOS

Recently our email servers have come under sustained brute force attacks from script kiddies running dictionary attacks. These go on 24 hours a day from a variety of sources, including pools of IP addresses that take turns probing with a common dictionary, and they were flooding the maillog with authentication errors at a rate of more than one every 10 seconds or so.

Netfilter’s string match module lets an iptables rule look inside a packet’s payload and match a string. We’ll use that feature to pick out our own server’s authentication-error replies on the outbound side and use them to block the offending client on the inbound side.

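An added example of the outbound-match, inbound-block idea (this is not the post’s own ruleset, which the excerpt does not show). It assumes the MTA answers a failed AUTH on port 25 with a reply beginning "535 5.7" (Postfix does; the exact text, the port, the list name `smtp_brute`, and the thresholds are assumptions to adjust). The string match records a hit for the packet’s destination address with the `recent` module, and an INPUT rule drops SMTP from any address that has accumulated enough hits inside the window:

```shell
#!/bin/sh
# Added example, not the post's own rules: block SMTP brute forcing by
# matching the MTA's own AUTH-failure reply on the way out and dropping
# the offender on the way in.
#
# Assumptions: the MTA replies "535 5.7.x ..." to a failed AUTH on port 25
# (Postfix does); list name, port, window and hit count are illustrative.
#
# How it works: xt_string sees the outbound 535 reply, xt_recent stamps the
# packet's *destination* (--rdest, i.e. the client) in a named list, and an
# INPUT rule drops SMTP from a source that has HITS stamps within WINDOW
# seconds. Rules are emitted in iptables-restore format so they can be
# reviewed before they are loaded.

LIST=smtp_brute        # xt_recent list name (assumed)
PORT=25                # SMTP port to protect (assumed)
WINDOW=3600            # seconds a failure counts against an address
HITS=5                 # failures inside WINDOW before the address is dropped
FAIL_STRING="535 5.7"  # prefix of the MTA's AUTH failure reply (assumed)

# Print the ruleset in iptables-restore syntax. Deterministic output so it
# can be diffed or checked before loading.
smtp_brute_rules() {
    cat <<EOF
*filter
# 1. Outbound: our MTA just rejected an AUTH attempt. Stamp the client
#    (this packet's destination) in the recent list.
-A OUTPUT -p tcp --sport $PORT -m string --algo bm --string "$FAIL_STRING" -m recent --name $LIST --rdest --set
# 2. Inbound: drop SMTP from any source with >= $HITS stamps in the last
#    $WINDOW seconds. --rcheck only reads the list, so ordinary inbound
#    packets are never counted as failures. Inserted at the head of INPUT
#    so it wins over an existing ACCEPT for port $PORT.
-I INPUT -p tcp --dport $PORT -m recent --name $LIST --rsource --rcheck --seconds $WINDOW --hitcount $HITS -j DROP
COMMIT
EOF
}

# Load the rules into the running kernel without flushing other chains (-n).
# Needs root; running it twice adds the rules twice.
apply_smtp_brute_rules() {
    smtp_brute_rules | iptables-restore -n
}

# Show the addresses currently tracked (entries that have aged past WINDOW
# remain listed but no longer satisfy --seconds/--hitcount).
show_smtp_brute_list() {
    cat "/proc/net/xt_recent/$LIST"
}

case "${1:-}" in
    --apply) apply_smtp_brute_rules ;;
    --show)  show_smtp_brute_list ;;
    *)       smtp_brute_rules ;;   # default: just print the rules
esac
```

Two caveats a practitioner will want. First, the string match only sees cleartext, so it will not catch failures that happen after STARTTLS or on the TLS-wrapped port 465; this approach covers clients that authenticate in the clear, which is what the log flood in the post describes. Second, `--hitcount` is limited by the `ip_pkt_list_tot` parameter of `xt_recent` (default 20), so keep the threshold below that or raise the module parameter.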