Re: Need for new openSUSE users
Bernd Felsche wrote:
> Security is a process. If the aim is to minimise log file sizes
> then that could frustrate future penetration analysis.
Depends on what you need it for,
> Knowing the source-IP range of legitimate users is very useful at
> limiting ssh opens; but attempts to open the port from elsewhere ought
> still be logged as a dropped-packet at the firewall.
With what I use, it is still easy to see those details. The blocked
sites are still logged and the yet unblocked ones as well.
> Identification of the "bad guys" from such activity can be useful in
> e.g. also blacklisting SMTP access.
And that blocking is just what this thing does. You can also use it to
block SMTP traffic where the logins and passwords are not correct after
X amount of times.
Obviously all other SMTP access without passwords is blocked by default.
houghi
--
You can have my keyboard ...
if you can pry it from my dead, cold, stiff fingers
Re: Need for new openSUSE users
houghi wrote:
>
> The correct way obviously is to quote inline and remove excessive
> text.
I did. I removed all your text. Retaining it was unnecessary and
irrelevant, as I was suggesting an alternative.
>
> I almost never go and read files, unless I have to be there. It is nice
> to know somebody does. It is indeed a nice way to block floods. The
> difference is that my way will block the IP address for a certain amount
> of time, while I think this will block things for 60 seconds. After the
> 60 seconds, the counter starts again. At least that is how I read it.
Yes, but the hold time is arbitrary. One could, for example, use 900.
>
> So please quote properly, don't assume that what you see is the same as
> what I see and elaborate.
I'll ignore the former, since I am already doing so, and be mindful of
the latter.
Re: Need for new openSUSE users
Gary Gapinski wrote:
<snip things I disagree with>
>> I almost never go and read files, unless I have to be there. It is nice
>> to know somebody does. It is indeed a nice way to block floods. The
>> difference is that my way will block the IP address for a certain amount
>> of time, while I think this will block things for 60 seconds. After the
>> 60 seconds, the counter starts again. At least that is how I read it.
>
> Yes, but the hold time is arbitrary. One could, for example, use 900.
I understand that. Still seems an odd way of doing things and a more
appropriate time would be 43200 or 86400 (12 or 24 hours).
Strange that they went for such a short period.
houghi
--
You can have my keyboard ...
if you can pry it from my dead, cold, stiff fingers
Re: Need for new openSUSE users
houghi <houghi@houghi.org.invalid> wrote:
>Bernd Felsche wrote:
>> Security is a process. If the aim is to minimise log file sizes
>> then that could frustrate future penetration analysis.
>
>Depends on what you need it for,
Future penetration analysis. :-)
>> Identification of the "bad guys" from such activity can be useful in
>> e.g. also blacklisting SMTP access.
>
>And that blocking is just what this thing does. You can also use it to
>block SMTP traffic where the logins and passwords are not correct after
>X amount of times.
>
>Obviously all other SMTP access without passwords is blocked by default.
You don't run an MX then...
--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | Science is the belief in
X against HTML mail | the ignorance of the experts.
/ \ and postings | -- Richard Feynman
Re: Need for new openSUSE users
Bernd Felsche wrote:
>>And that blocking is just what this thing does. You can also use it to
>>block SMTP traffic where the logins and passwords are not correct after
>>X amount of times.
>
>>Obviously all other SMTP access without passwords is blocked by default.
>
> You don't run an MX then...
I was waiting for this. :-D
I first wanted to elaborate how I was specifically not talking about that kind
of traffic and then I thought, sod it, people will understand I was
talking about users getting access to ESMTP servers and not the mail
delivery in itself.
houghi
--
You can have my keyboard ...
if you can pry it from my dead, cold, stiff fingers