OSEC

Need help dealing with distributed dictionary attack.

From: Jefferson Cowart (jeffcowart.net)
Date: Mon Aug 02 2004 - 20:08:52 CDT


I'm running a Postfix mail server on Debian stable (Postfix version 1.1.11 -
some security backports). I have had someone who, based on initial IP
addresses, seems to be from Brazil and has been running a dictionary attack
against my server for about a year and a half now. Each time I block
his IP addresses he ends up just moving to a different address and
continuing the attack. At this point it appears that he is using a largish
(50-100 at the moment) network of computers (probably zombied Windows
machines) to launch this dictionary attack against me. While the dictionary
attack is not in and of itself a major problem, it is causing major load
problems on my server. I have had multiple times where he has been sending
enough traffic down the line to cause legitimate connections to be slow or
non-functional. Additionally, he has multiple times caused my servers enough
load that they were unable to process legitimate requests. Does anyone have
any suggestions about how to handle this problem?

----------------
Thanks
Jefferson Cowart
Jeffcowart.net

P.S. Please CC me on responses.