• Blocked IP's

    From Daryl Stout@1:19/33 to MATT BEDYNEK on Mon Jul 6 11:07:40 2015
    Matt,

    It is like fishing. Cast a line in the water and eventually you get a bite.
    MB>For these dictionaries are used to crack passwords. The only guessing is in
    MB>username. Believe it or not these work quite well when the work is distribu
    MB>among hundreds of compromised zombie hosts. If you can change your pop ser
    MB>port it is recommended to close that hole entirely.

    With VADV32, I've blocked all email IP's, except the incoming ones
    from my email server. If they repeatedly try to crash the deal here, it
    ends up in the cached IP file (which then refuses the connection
    entirely), or I'll put it in the blocked IP address...same result.

    Daryl

    ---
    ■ OLX 1.53 ■ Scuba divers do it deeper.

    --- Virtual Advanced Ver 2 for DOS
    * Origin: The Thunderbolt BBS (1:19/33)
  • From mark lewis@1:3634/12.73 to Daryl Stout on Tue Jul 7 11:20:12 2015

    06 Jul 15 11:07, you wrote to MATT BEDYNEK:

    It is like fishing. Cast a line in the water and eventually you get
    a bite. For these dictionaries are used to crack passwords. The only
    guessing is in username. Believe it or not these work quite well
    when the work is distribu among hundreds of compromised zombie hosts.
    If you can change your pop ser port it is recommended to close that
    hole entirely.

    With VADV32, I've blocked all email IP's, except the incoming ones
    from my email server. If they repeatedly try to crash the deal here,
    it ends up in the cached IP file (which then refuses the connection
    entirely), or I'll put it in the blocked IP address...same result.

    the thing i never liked about doing that is that it leaves the server to
    deal with the rejections instead of serving answers to requests... one can
    be DDoSed by simply having rafts and rats of blocked IPs hitting all at
    once for a sustained period... i prefer a dedicated protection system for
    that purpose... then there's the thing about dynamic IPs being in the block
    lists... most of those are from compromised machines that get cleaned up
    and/or get a new IP... when that happens, the old blocked IP is taking up
    room and shouldn't be in the list any more since it is no longer
    dangerous...

    the system i use blocks only known attacks and for a limited random time limit after which the IP is removed from the block list... as long as the attacking IP tries to connect, the blocking limit is extended... the only way out is for them to move on to another system and let the blocking period elapse... that allows them to connect normally again and if they start another attack, they are blocked again... the system works very well and i do not end up with thousands of blocked IPs to try to manage manually... my blocking system is currently managing an average of 300 blocked IPs instead of thousands upon thousands... since it is also automated, i'm not burdened with having to maintain the lists of IPs... i tried that one time before implementing my current system and found myself spending 10 - 12 hours a day doing nothing but IP management and not getting anything else done at all...

    )\/(ark

    ... We all know you're a masticator.
    ---
    * Origin: (1:3634/12.73)
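
The expiring block list mark lewis describes above (a random block period, extended while the source keeps connecting, dropped once it lapses), as an added Python example that is not part of the thread or of any poster's software. The class name, the TTL bounds and the sample addresses are assumptions, and attack detection itself is left to the caller.

```python
import random

class ExpiringBlocklist:
    """Temporary IP blocks with a random lifetime, renewed while the source keeps knocking."""

    def __init__(self, min_ttl=600, max_ttl=3600, rng=None):
        # TTL bounds in seconds are assumed values; the post gives none.
        self.min_ttl, self.max_ttl = min_ttl, max_ttl
        self.rng = rng or random.Random()
        self.expiry = {}  # ip -> time at which the block lapses

    def _new_expiry(self, now):
        return now + self.rng.uniform(self.min_ttl, self.max_ttl)

    def report_attack(self, ip, now):
        """Called by whatever recognises a known attack (out of scope here)."""
        self.expiry[ip] = self._new_expiry(now)

    def allow(self, ip, now):
        """Decide one connection attempt; a blocked source that retries is extended."""
        until = self.expiry.get(ip)
        if until is None:
            return True
        if now >= until:
            del self.expiry[ip]  # block elapsed quietly: connects normally again
            return True
        self.expiry[ip] = max(until, self._new_expiry(now))
        return False

    def purge(self, now):
        """Drop lapsed entries so the list holds only currently active sources."""
        for ip in [ip for ip, until in self.expiry.items() if now >= until]:
            del self.expiry[ip]

def demo():
    # Constructed timeline in seconds, using documentation-range addresses.
    bl = ExpiringBlocklist(rng=random.Random(1))
    bl.report_attack("192.0.2.10", now=0)    # keeps retrying
    bl.report_attack("198.51.100.7", now=0)  # moves on after being blocked
    out = [bl.allow("192.0.2.10", now=300),   # inside block: refused, extended
           bl.allow("192.0.2.10", now=500),   # still refused, extended again
           bl.allow("203.0.113.5", now=500)]  # never blocked: allowed
    bl.purge(now=3601)
    out.append("198.51.100.7" not in bl.expiry)  # lapsed entry is gone
    out.append(bl.allow("192.0.2.10", now=4101))  # stayed away long enough
    return out

if __name__ == "__main__":
    print(demo())
```

Passing the clock value in as `now` keeps the logic testable; a live deployment would feed it from a monotonic clock and call `purge` periodically.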
  • From Daryl Stout@1:19/33 to MARK LEWIS on Wed Jul 8 17:39:10 2015
    Mark,

    ML>the thing i never liked about doing that is that it leaves the server to dea
    ML>with the rejections instead of serving answers to requests... one can be DDo
    ML>by simply having rafts and rats of blocked IPs hitting all at once for a
    ML>sustained period... i prefer a dedicated protection system for that purpose.
    ML>then there's the thing about dynamic IPs being in the block lists... most of
    ML>those are from compromised machines that get cleaned up and/or get a new IP.
    ML>when that happens, the old blocked IP is taking up room and shouldn't be in
    ML>list any more since it is no longer dangerous...

    With VADV32, it has a cached IP list, and if an IP is in there, the connection is refused. After a certain period of time, that entry is
    cleared. I have had several attempted connects from the same IP nearly simultaneously.

    With VSMTP32 (VADV32's email client), the only IP I allow is the one
    from my mail server (DuoCircle, formerly DYNDNS). With their VIP account
    for my domain (wx1der.dyndns.org), and the basic email deal (used mainly
    for the new user verification), I pay around $10 a month.

    Daryl

    ---
    ■ OLX 1.53 ■ Mind like a steel trap: Rusty, and illegal in 37 states.

    --- Virtual Advanced Ver 2 for DOS
    * Origin: The Thunderbolt BBS (1:19/33)