Need for new openSUSE users - Suse


Thread: Need for new openSUSE users

  1. Re: Need for new openSUSE users

    Bernd Felsche wrote:
    > Security is a process. If the aim is to minimise log file sizes
    > then that could frustrate future penetration analysis.


    Depends on what you need it for,

    > Knowing the source-IP range of legitimate users is very useful at
    > limiting ssh opens; but attempts to open the port from elsewhere ought
    > still be logged as a dropped-packet at the firewall.


    With what I use, it is still easy to see those details. The blocked
    sites are still logged and the yet unblocked ones as well.

    > Identification of the "bad guys" from such activity can be useful in
    > e.g. also blacklisting SMTP access.


    And that blocking is just what this thing does. You can also use it to
    block SMTP traffic where the logins and passwords are not correct after
    X amount of times.
    Obviously all other SMTP access without passwords is blocked by default.

    houghi
    --
    You can have my keyboard ...
    if you can pry it from my dead, cold, stiff fingers

  2. Re: Need for new openSUSE users

    houghi wrote:
    >
    > The correct way obviously is to quote inline and remove excessive
    > text.


    I did. I removed all your text. Retaining it was unnecessary and
    irrelevant, as I was suggesting an alternative.

    >
    > I almost never go and read files, unless I have to be there. It is nice
    > to know somebody does. It is indeed a nice way to block floods. The
    > difference is that my way will block the IP address for a certain amount
    > of time, while I think this will block things for 60 seconds. After the
    > 60 seconds, the counter starts again. At least that is how I read it.


    Yes, but the hold time is arbitrary. One could, for example, use 900.

    >
    > So please quote properly, don't assume that what you see is the same as
    > what I see and elaborate.


    I'll ignore the former, since I am already doing so, and be mindful of
    the latter.

  3. Re: Need for new openSUSE users

    Gary Gapinski wrote:


    >> I almost never go and read files, unless I have to be there. It is nice
    >> to know somebody does. It is indeed a nice way to block floods. The
    >> difference is that my way will block the IP address for a certain amount
    >> of time, while I think this will block things for 60 seconds. After the
    >> 60 seconds, the counter starts again. At least that is how I read it.

    >
    > Yes, but the hold time is arbitrary. One could, for example, use 900.


    I understand that. Still seems an odd way of doing things and a more
    appropriate time would be 43200 or 86400 (12 or 24 hours).

    Strange that they went for such a short period.

    houghi
    --
    You can have my keyboard ...
    if you can pry it from my dead, cold, stiff fingers
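The hold times debated above (60, 900, 43200 or 86400 seconds) can be compared by replaying one stream of failed logins against each. This is an added example, not part of any post and not the tool the posters are using (the thread does not name it); the threshold of 3 failures in a 60-second window, the function names and the documentation-range addresses are assumptions, and the events are constructed.

```python
from collections import defaultdict, deque

def simulate(events, max_fails, window, hold):
    """Replay (timestamp, source_ip) failed logins against a ban rule.

    A source is banned for `hold` seconds once `max_fails` failures fall
    inside `window` seconds. Returns per-source counts of attempts that
    reached the service and attempts dropped (but still counted) at the
    firewall.
    """
    recent = defaultdict(deque)      # source -> timestamps of recent failures
    banned_until = {}                # source -> time the ban expires
    reached, dropped = defaultdict(int), defaultdict(int)
    for ts, src in sorted(events):
        if ts < banned_until.get(src, 0):
            dropped[src] += 1        # blocked, yet still visible in the log
            continue
        reached[src] += 1
        q = recent[src]
        q.append(ts)
        while q and q[0] <= ts - window:   # forget failures outside the window
            q.popleft()
        if len(q) >= max_fails:
            banned_until[src] = ts + hold
            q.clear()                # the counter starts again after the ban
    return dict(reached), dict(dropped)

def constructed_events():
    """Constructed sample: one source guessing every 10 s for an hour,
    plus a legitimate user who mistypes a password twice."""
    guesser = [(t, "203.0.113.7") for t in range(0, 3600, 10)]
    user = [(100, "198.51.100.20"), (130, "198.51.100.20")]
    return guesser + user

if __name__ == "__main__":
    for hold in (60, 900, 43200, 86400):
        reached, dropped = simulate(constructed_events(), 3, 60, hold)
        print(f"hold={hold:>5}s  guesses reaching the service: "
              f"{reached['203.0.113.7']:>3}  dropped: {dropped['203.0.113.7']}")
```

Dropped attempts are counted rather than discarded, so the record of blocked sources stays available for later analysis whichever hold time is chosen.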

  4. Re: Need for new openSUSE users

    houghi wrote:
    >Bernd Felsche wrote:
    >> Security is a process. If the aim is to minimise log file sizes
    >> then that could frustrate future penetration analysis.


    >Depends on what you need it for,


    Future penetration analysis. :-)

    >> Identification of the "bad guys" from such activity can be useful in
    >> e.g. also blacklisting SMTP access.


    >And that blocking is just what this thing does. You can also use it to
    >block SMTP traffic where the logins and passwords are not correct after
    >X amount of times.


    >Obviously all other SMTP access without passwords is blocked by default.


    You don't run an MX then...
    --
    /"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
    \ / ASCII ribbon campaign | Science is the belief in
    X against HTML mail | the ignorance of the experts.
    / \ and postings | -- Richard Feynman

  5. Re: Need for new openSUSE users

    Bernd Felsche wrote:
    >>And that blocking is just what this thing does. You can also use it to
    >>block SMTP traffic where the logins and passwords are not correct after
    >>X amount of times.

    >
    >>Obviously all other SMTP access without passwords is blocked by default.

    >
    > You don't run an MX then...


    I was waiting for this. :-D

    I first wanted to elaborate how I was specifically not talking about that kind
    of traffic and then I thought, sod it, people will understand I was
    talking about users getting access to ESMTP servers and not the mail
    delivery in itself.

    houghi
    --
    You can have my keyboard ...
    if you can pry it from my dead, cold, stiff fingers
