
| Subject: | Re: Brute force attacks |
|---|---|
| Date: | Thu, 31 May 2007 19:46:40 +0200 |

On Thursday, 31 May 2007 14:37, Mohamad Mneimneh wrote:

> Hi List, I've been experiencing brute force dictionary attacks from various sources against my gateway. The attacker is trying all kinds of username/password combinations to get in. I have traced the source IP addresses on internet authorities such as Ripe, Arin & Apnic; the feedback I get is that "Country is really world wide". I then traced the IPs using visual route, and saw that their locations vary widely; some of them are in the US, some in China, others in Poland... What are my options in such a case? Have you ever experienced such a behavior? And what are the best practices that apply?

Since you have a server turned on 24x7, that type of attack is quite common. You should not worry as long as you have good passwords, that's to say, no stupid passwords like "dog", "myname", "qwerty"... basically dictionary ones.

However, depending on the service you experienced the attacks on, you might want to set up some sort of program such as fail2ban or just some iptables rules to block that IP, for instance, after 3 or 4 failed login attempts, you know.

On the other hand, if you feel like reporting the attacker's IP to his ISP, just do it, but in my opinion it's quite worthless.

So well, don't worry about brute force attacks; they have been and they're gonna be common whether you mind or not. Just define a good password policy for your users (if the scenario is a company you're responsible for)...

All the best.
Manuel

--
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues.
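
The "block that IP after 3 or 4 failed login attempts" rule from the reply above, sketched as an added example that is not part of the original message and is not fail2ban's own code. It assumes the attacked service is sshd logging in OpenSSH syslog format; the log lines, the 10-minute window and all names are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog format (assumed service: sshd).
SAMPLE_LOG = """\
May 31 14:30:01 gw sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40112 ssh2
May 31 14:30:04 gw sshd[2101]: Failed password for root from 192.0.2.10 port 40113 ssh2
May 31 14:30:09 gw sshd[2102]: Failed password for root from 198.51.100.7 port 51822 ssh2
May 31 14:30:11 gw sshd[2101]: Failed password for invalid user test from 192.0.2.10 port 40115 ssh2
May 31 14:31:00 gw sshd[2110]: Accepted password for alice from 203.0.113.5 port 60001 ssh2
May 31 14:55:00 gw sshd[2130]: Failed password for root from 198.51.100.7 port 51900 ssh2
May 31 15:20:00 gw sshd[2140]: Failed password for root from 198.51.100.7 port 51950 ssh2
"""

# Anchored at end of line with a greedy user field, so the address is always
# the one sshd appended, never text carried inside the username.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.+ "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)

def ips_to_block(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2007):
    """Return {ip: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    blocked = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in blocked:
            continue
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:   # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry:
            blocked[m["ip"]] = ts
    return blocked

if __name__ == "__main__":
    for ip, when in ips_to_block(SAMPLE_LOG).items():
        # The rule is only printed; applying it is left to the operator.
        print(f"{when}  iptables -I INPUT -s {ip} -j DROP")
```

On the sample, 192.0.2.10 is flagged at its third failure, while 198.51.100.7 spaces three failures 25 minutes apart and stays under the per-IP threshold, which is why the password policy still matters when attempts arrive slowly or from many addresses.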