Re: DOS attack

From: Alan Becker (beckerasoftrends.com)
Date: Tue Sep 23 2003 - 13:32:08 CDT


If your distribution supports iptables, here is a firewall script that I
have found very simple to use and effective:
     http://projectfiles.com/firewall/
I have used this script with RH 7.2 and RH8. There is a support forum
where questions do get answered. The script is capable of handling routing
situations (which you may not need). You would need to list the ports you
need open for inbound connections in the "PERMIT" parameter. For the
blocking, I would probably start with the "BLACKLIST" parameter. You might
not need much else.
HTH,
A. Becker

Rick Williams wrote:

>Here is my postconf -n
>
>alias_maps = hash:/etc/postfix/aliases
>command_directory = /usr/sbin
>daemon_directory = /usr/lib/postfix
>debug_peer_level = 2
>default_privs = nobody
>delay_warning_time = 4
>local_recipient_maps = $alias_maps unix:passwd.byname
>mail_owner = postfix
>mail_spool_directory = /var/spool/mail
>mailbox_command = /usr/bin/procmail -Y -a $DOMAIN
>mydestination = mail.aicon.net, localhost.aicon.net, aicon.net, distantkin.com,
>gwbushimpersonator.com, brentmendenhall.com, qualityoakproducts.com,
>candlesbyphyl.com, bushwhackerdays.com, rbbattorneys.com, marcimitchell.com,
>vickerslaw.org, bushwhackerdays.org, electrickwilliams.com, nevada-mo.com,
>michaelczar.com, vickerslaw.us, nevadalionsclub.org, birddogconnectoin.com
>mydomain = aicon.net
>myhostname = mail.aicon.net
>mynetworks = 127.0.0.0/8, 66.137.176.0/24, 12.158.34.0/24, 12.158.35.0/24,
>63.240.165.0/24, 63.240.161.0/24, 10.0.0.0/24
>myorigin = aicon.net
>queue_directory = /var/spool/postfix
>relay_domains = $mydestination
>smtpd_banner = $myhostname
>smtpd_client_restrictions = permit_mynetworks, reject
>virtual_maps = hash:/etc/postfix/virtual
>
>I am running Mandrake 8.1 on an x86 box.
>
>Thanks for the ideas on iptables, I am currently working on that now.
>
>Rick Williams
>
>Michael Breton wrote:
>
>>>-----Original Message-----
>>>From: Rick Williams [mailto:rickaicon.net]
>>>Sent: Saturday, September 20, 2003 2:14 PM
>>>To: postfix-userspostfix.org
>>>Subject: DOS attack
>>>
>>>I have a continued attempt to send mail from an outside
>>>network. I have
>>>smtpd_client_restrictions = permit_mynetworks, reject
>>>but the continued attempts keep clogging up postfix so no mail can be
>>>sent out.
>>>
>>>Is there a way I can keep the specific IP from even connecting to
>>>postfix until I can contact the admin for the ISP to deal with this?
>>>
>>>I believe this is a customer who switched from my service but didn't
>>>remove the email config from their client and now has a virus
>>>continually trying to send out mail.
>>>
>>The only way to do this is to firewall them. This can be done either on the
>>host postfix is on, or on some intermediate device. Exactly how to do it on
>>the host depends on your OS. How on the intermediate network devices
>>depends on the devices, and may not be the best choice.
>>
>>If you tell the list what OS you are running, maybe someone will know how to
>>do it...
>>
>>In the meantime, you could post your "postconf -n" output so people here
>>could maybe see something that could help your situation.
>>
>>Michael Breton
>>Commtel
>>
>
>--
>Rick Williams
>Vice President/SysAdmin
>AICON Internet Services, Inc.
>rickaicon.net
>www.aicon.net
>(417)667-4573
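The host-level firewall block that Michael Breton recommends (dropping the one abusive client before it ever reaches an smtpd process), written out as an added example; this is not code from the thread or from the projectfiles.com script. It assumes a Linux host with iptables in PATH; the address 192.0.2.10 is a constructed placeholder for the offending client, and DRY_RUN=1 only prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: block one abusive SMTP client at the host firewall so it
# never reaches postfix. Assumes iptables is available; 192.0.2.10 below is
# a constructed placeholder address, not one from the thread.

# Accept only a plain dotted-quad IPv4 address; refuse anything else so a
# typo or stray text cannot turn into an overly broad or malformed rule.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the iptables commands for one client. Both rules are inserted at
# position 1 so they run before any existing ACCEPT for port 25; the LOG
# rule is inserted last, so it ends up above the DROP and records each
# refused connection attempt (rate-limited) in syslog as evidence.
smtp_block_rules() {
    ip=$1
    valid_ipv4 "$ip" || { echo "smtp_block_rules: bad address: $ip" >&2; return 1; }
    printf '%s\n' \
      "iptables -I INPUT 1 -p tcp -s $ip --dport 25 -j DROP" \
      "iptables -I INPUT 1 -p tcp -s $ip --dport 25 -m limit --limit 6/min -j LOG --log-prefix \"smtp-blocked: \""
}

# Apply the rules, or with DRY_RUN=1 just show them.
block_smtp_client() {
    rules=$(smtp_block_rules "$1") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$rules"
    else
        echo "$rules" | sh -e
    fi
}

# Verification after applying: list the active port-25 DROP rules.
show_smtp_blocks() {
    iptables -S INPUT | grep -- '--dport 25 -j DROP'
}

if [ -n "${1:-}" ]; then
    block_smtp_client "$1"
fi
```

Remember that rules added this way are lost at reboot unless saved with the distribution's iptables-save mechanism, and that the postfix-side `smtpd_client_restrictions` still matters for clients you do not firewall.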