  • Intrusion Prevention Methodologies...

    Good morning all.

    I've been dealing with a number of brute-force ssh attacks as of late and am looking for the best method of incorporating some automated process for blocking the IPs through the firewall, but want to be sure that it won't cause problems with the Interworx Panel implementation. I've looked at a couple of options, but am looking for recommendations as well.

    Thanks and Happy Holidays!

    Phil Malmstrom
    philm@diamondcomputer.com

  • #2
    I would see what you could have done at the router/switch level. That would prevent load on your box.


    Thanks,
    Clint



    • #3
      Hi Clint, and thanks for the reply.

      I am working on the switch level as well, but I still want to have some protection on the server itself. The load on our servers is pretty minimal as we only host domains for our service clients so I have plenty of headroom to play with.

      Phil Malmstrom
      philm@diamondcomputer.com



      • #4
        I would suggest something like this:

        http://shellscripts.org/index


        Thanks,
        Clint



        • #5
          Hi again Clint.

          That's one of the ones I looked at. I was curious to find out how the APF implementation would be affected by some of these scripts and if it would interfere with anything Interworx is doing. I know APF is just a policy set for iptables, but I've run into issues with other hosting panels (Ensim specifically) getting odd results when adding non-supported scripts and wanted to be sure that I wasn't going to cause myself problems. I've also got Snort running for monitoring so I may try to use one of the daemons that interface with that for a more robust option.

          Thanks for the input.

          Phil Malmstrom
          philm@diamondcomputer.com



          • #6
            Phil,

            Why not try BFD, which is directly integrated with APF, as it's the same writer?

            http://www.rfxnetworks.com/bfd.php

            Or am I missing something?
            Ledger Technologies Group Ltd - UK based dynamic group of companies that utilises existing and emerging technologies to provide data solutions for clients globally.
            EverythingWeb.Net Ltd - UK Based Website Hosting, Design & Maintenance.

            The views expressed in the above message are purely my own and are in no way official or representative of the companies I represent.



            • #7
              I would see no reason not to use BFD, but if you use the other script, I would just leave port 22 open on APF, and let the script do the blocking.


              Thanks,
              Clint

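              To make concrete what a BFD-style log watcher does before it hands an address to APF or iptables, here is an added example (not code from the thread, BFD, or APF) that counts sshd "Failed password" lines per source IP inside a sliding time window, skips an operator allowlist so you cannot lock yourself out, and emits the block rule as a string rather than running it. The log lines, hostnames and addresses are constructed; the iptables rule form and the APF deny command mentioned in the comment are the assumed blocking targets.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (syslog format), not taken from the thread.
SAMPLE_LOG = """\
Dec 20 08:01:12 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Dec 20 08:01:14 web1 sshd[2313]: Failed password for invalid user oracle from 203.0.113.7 port 40130 ssh2
Dec 20 08:01:15 web1 sshd[2315]: Failed password for root from 203.0.113.7 port 40140 ssh2
Dec 20 08:01:17 web1 sshd[2317]: Failed password for root from 203.0.113.7 port 40151 ssh2
Dec 20 08:01:18 web1 sshd[2319]: Failed password for root from 203.0.113.7 port 40160 ssh2
Dec 20 08:05:40 web1 sshd[2350]: Failed password for phil from 198.51.100.9 port 51022 ssh2
Dec 20 08:05:55 web1 sshd[2352]: Accepted password for phil from 198.51.100.9 port 51024 ssh2
Dec 20 09:30:00 web1 sshd[2400]: Failed password for root from 203.0.113.7 port 40900 ssh2
"""

FAILED_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+"
)

def parse_failures(log_text, year=2005):
    """Return [(timestamp, source_ip)] for each failed-password line; syslog lacks the year."""
    found = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            found.append((ts, m.group(2)))
    return found

def offenders(log_text, threshold=5, window_seconds=600, allowlist=()):
    """IPs with >= threshold failures inside any window_seconds span; allowlisted IPs never block."""
    by_ip = defaultdict(list)
    for ts, ip in parse_failures(log_text):
        by_ip[ip].append(ts)
    hits = set()
    for ip, stamps in by_ip.items():
        if ip in allowlist:
            continue
        stamps.sort()  # sliding window: compare each failure with the one threshold-1 earlier
        for i in range(threshold - 1, len(stamps)):
            if (stamps[i] - stamps[i - threshold + 1]).total_seconds() <= window_seconds:
                hits.add(ip)
                break
    return sorted(hits)

def block_commands(ips):
    """Rules to apply (assumed form); under APF the equivalent is its deny command, apf -d IP."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]
```

Running `block_commands(offenders(SAMPLE_LOG))` yields one DROP rule for 203.0.113.7; the single failure from 198.51.100.9 followed by a successful login is left alone, which is the behaviour you want from a watcher sitting beside a control panel.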


              • #8
                Hi Again.

                I installed and configured BFD and all appears to be working well. Thanks to all of you for your helpful suggestions.

                Phil Malmstrom
                philm@diamondcomputer.com



                • #9
                  bfd

                  I'd like to give bfd a try. How has it been working for you?



                  • #10
                    Works great, I have it running on 6-7 servers atm.

                    It's funny when you get 5 emails saying it blocked the same IP on 5 different servers :D


                    Clint



                    • #11
                      Good morning all.

                      I'm running it on three servers and it's worked like a champ. Easy install, easy config and it just flat out works as advertised.

                      Take care.

                      Phil Malmstrom
                      philm@diamondcomputer.com
