On Thu, 23 Jul 2009, Simon Waters wrote:

> Gordon Henderson wrote:
>>
>> Seeing very few anonymous attempts right now. Several dictionary attacks
>> from Belgium... and one site trying to connect as "USER Administrator"
>> 7000 times in the past week... (From somewhere in Indonesia)
>
> Do you not kill such attempts using fail2ban or similar.

Sometimes. Not usually an issue though. Creates yet another log-file to look at..

Got more on my plate right now though - someone has decided to DDoS one of my servers )-:

Almost wiped me out earlier. Took my connection up to 60Mb/sec and 100,000 packets/sec )-: It would have been more but my poor Linux routers met their match. (more in terms of pps than b/w - they'll route 100Mb/sec OK if it's sensible sized packets!)

This was a SYN flood attack aimed at just one IP address & port 80.

Fortunately I have an understanding ISP who were clued up enough to be able to black-hole the incoming data at their borders for me earlier - re-enabled now, but it's still going on...

However, it's dying off now - currently down to about 5Mb/sec. Got a capture - 79 unique hosts in 10,000 packets. (if I trust the hosts not to be forged!)

I'd hate to think what it was at its peak. All those PCs, all over the world pumping out data. What a waste... And I know I'd like to blame Win PCs, but I've seen DDoS code for Linux (installed on my own servers thanks to buggy phpBB!) - there are countless Linux hosts out there too, part of zombie networks, just waiting for a command...

Why? Who knows )-:

B'stards.

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html