[AusNOG] Optus Abuse Contact
Trent Lloyd
lathiat at bur.st
Fri Jul 17 15:35:58 EST 2009
This obviously wont work for everything (i.e. web where people might
connect more than 10x in 60 seconds), but to stop SSH, etc brute force
attackers I use the following iptables based method:
# Block SSH attackers, e.g. drop any connections of more than 10 in 60
seconds to SSH
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --
name SSH
$IPT -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --
update --seconds 60 --hitcount 10 --rttl --name SSH -j DROP
- Trent
On 17/07/2009, at 12:21 PM, craig at askings.com.au wrote:
> Hi Curtis,
>
> I find fail2ban a handy app to deal with those kind of problems. I
> use it
> for people doing dictionary attacks against my sip boxes.
>
> http://www.fail2ban.org/wiki/index.php/Main_Page
>
> Good luck in your quest for a contact at Optusnet. Unfortunately the
> network engineers I knew there have since moved on.
>
> Craig.
>
>> AusNOG,
>>
>> Does anybody have a contact for the OptusNet abuse department? I
>> have an
>> OptusNet cable customer in Brisbane attempting to brute force the
>> administration interface for one of my billing systems and it's
>> starting
>> to really get my goat.
>>
>> Regards,
>> Curtis
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
More information about the AusNOG
mailing list