RE: Mail relay attempts

To: "Debian-Security@Lists. Debian. Org" <debian-security@lists.debian.org>
Subject: RE: Mail relay attempts
From: "Jones, Steven" <sjones08@eds.com>
Date: Wed, 28 Aug 2002 08:15:03 +1200
Message-id: <[🔎] A76258F91728D211882A0008C7280E0C05E1FFA1@NZWNM202>

Ive found port sentry really good for detecting port scans and then routeing
the return packets to no where.

:)

Thing

-----Original Message-----
From: Rolf Kutz [mailto:kutz@netcologne.de]
Sent: Wednesday, 28 August 2002 4:10 
To: Debian-Security@Lists. Debian. Org
Subject: Re: Mail relay attempts


* Quoting Craig Sanders (cas@taz.net.au):
> 
> PS: actually, the only other thing you could do is set firewall rules
> blocking inbound tcp port 25.  if your mail server is the primary MX for
> your domain then you would also need a secondary MX and open the
> firewall for just that machine.  spammers will still try - the only real
> difference is that you'll get entries in your kernel log rather than in
> your mail log.  if you do this, i recommend using iptables and DROP the
> packet rather than REJECT it....this wastes the spammer's time while the
> connection times out.

Drop doesn't really prevent scans and spammers
will scan for open ports first.

If you really want to achive something like that,
you should install a 'Teergrube':

http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html

- Rolf


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: Mail relay attempts
  - From: Michael Renzmann <mrenzmann@dylanic.de>
- Re: Mail relay attempts
  - From: Rolf Kutz <kutz@netcologne.de>

Prev by Date: Re: static sshd
Next by Date: cryptoloop confusion
Previous by thread: Re: Mail relay attempts
Next by thread: Re: Mail relay attempts
Index(es):
- Date
- Thread