[WBEL-users] iptables auto add baddies script?

Luke Scharf lscharf@aoe.vt.edu
Wed, 29 Dec 2004 16:32:02 -0500


On Wed, 2004-12-29 at 16:20, Jon Lewis wrote:
> You people are doing this the wrong way around.  Don't block the hosts you
> think are "bad".  Block everyone.  Then allow just the IP ranges you
> actually need to have access.

I don't have control over my routers, and my machines are spread over
several subnets so I can't play any
private-ip-address-on-the-public-network tricks easily.  I'd love to do
it that way!

I do use ipsec on the Windows machines to block off-campus connections. 
And, since Windows will hand out a list of domain users to anyone who
will ask, the attacks are targeted very specifically against my userlist
-- and so if my machines weren't configured this way, everyone's account
would get locked out periodically.  Also, Samba is configured to only
talk to machines that are on campus.

My legitimate users get around this restriction by using ssh/sftp into
the Unix machines.  Fortunately, Unix won't hand out the userlist, so
the risk is reduced.  And, nobody has just a first name as their
username, so the script kiddies are banging against non-existent
accounts for now.

-Luke


-- 
Luke Scharf, Systems Administrator
Virginia Tech Aerospace and Ocean Engineering