[NBLUG/talk] Multiple IP address / brute force attack

Ken McGlothlen mcglk at artlogix.net
Tue Apr 29 14:05:49 PDT 2008


| I'm sad to admit I had a breech on a server at sonic this weekend. [...]  The
| script kiddies were only in for a few seconds, but they did their
| damage. Things are back up for the most part now and the fortress is a little
| stronger.

Sorry to hear it.  These sorts of attacks are getting more and more frequent,
and without dynamically adaptive firewalls, they're hard to manage.

| What this means to me is that if you have a range of IPs on your server and
| actually configure them to work, it's a little like hanging out a big net
| with bells on it.

Pretty much.

| Comments, laughter, ideas?

No laughter from this corner.  Keeping up with this sort of thing is difficult.

I guess the main thing is to keep track of what networks spell trouble, and
keep up with your firewall.  Keep up to date with the patches.  Improve your
monitoring tools.  And good luck.

---Ken



More information about the talk mailing list