Comments on: Firewalling brute force attempts with IPTables http://www.briandowney.net/blog/2009/08/20/firewalling-brute-force-attempts-with-iptables/ Technical musings of an entrepreneur. Fri, 13 Jan 2012 00:37:24 +0000 hourly 1 By: Colin Castro http://www.briandowney.net/blog/2009/08/20/firewalling-brute-force-attempts-with-iptables/comment-page-1/#comment-380 Colin Castro Mon, 06 Sep 2010 21:06:48 +0000 http://www.briandowney.net/blog/?p=124#comment-380 <i>Thanks so much for the insight into how to deal with repeated attempts to gain access to a server. I get my report every morning via email, and diligently go through, and add a new firewall rule blocking access to the class C surrounding any IP that tries to gain access, then, I look up the owner of the network, and send them an email with details from my logs. I get a reply occasionally from one of the ISPs, but most of the time, they just don’t seem to care.</i> +1 Thanks so much for the insight into how to deal with repeated attempts to gain access to a server. I get my report every morning via email, and diligently go through, and add a new firewall rule blocking access to the class C surrounding any IP that tries to gain access, then, I look up the owner of the network, and send them an email with details from my logs. I get a reply occasionally from one of the ISPs, but most of the time, they just don’t seem to care.
+1

]]> By: Jerry Lumpkins http://www.briandowney.net/blog/2009/08/20/firewalling-brute-force-attempts-with-iptables/comment-page-1/#comment-367 Jerry Lumpkins Tue, 03 Nov 2009 15:13:40 +0000 http://www.briandowney.net/blog/?p=124#comment-367 Thanks so much for the insight into how to deal with repeated attempts to gain access to a server. I get my report every morning via email, and diligently go through, and add a new firewall rule blocking access to the class C surrounding any IP that tries to gain access, then, I look up the owner of the network, and send them an email with details from my logs. I get a reply occasionally from one of the ISPs, but most of the time, they just don't seem to care. It would be nice to have some central, world-wide authority that we could notify so that there was at least a composite list of all intrusion attempts. It seems that that could be published, and make it possible for all servers to get updated blocking bad guys. In the meantime, I'm going to follow your example, and add the rules you've mentioned. Thanks again, Jerry Lumpkins (My website is just personal pictures, and experiments in how to do things. No sensitive data, but, I hate it when somebody tries to break in...) Thanks so much for the insight into how to deal with repeated attempts to gain access to a server. I get my report every morning via email, and diligently go through, and add a new firewall rule blocking access to the class C surrounding any IP that tries to gain access, then, I look up the owner of the network, and send them an email with details from my logs. I get a reply occasionally from one of the ISPs, but most of the time, they just don’t seem to care.

It would be nice to have some central, world-wide authority that we could notify so that there was at least a composite list of all intrusion attempts. It seems that that could be published, and make it possible for all servers to get updated blocking bad guys.

In the meantime, I’m going to follow your example, and add the rules you’ve mentioned.

Thanks again,

Jerry Lumpkins
(My website is just personal pictures, and experiments in how to do things. No sensitive data, but, I hate it when somebody tries to break in…)

]]>