RE: Mail relay attempts
Ive found port sentry really good for detecting port scans and then routeing
the return packets to no where.
:)
Thing
-----Original Message-----
From: Rolf Kutz [mailto:kutz@netcologne.de]
Sent: Wednesday, 28 August 2002 4:10
To: Debian-Security@Lists. Debian. Org
Subject: Re: Mail relay attempts
* Quoting Craig Sanders (cas@taz.net.au):
>
> PS: actually, the only other thing you could do is set firewall rules
> blocking inbound tcp port 25. if your mail server is the primary MX for
> your domain then you would also need a secondary MX and open the
> firewall for just that machine. spammers will still try - the only real
> difference is that you'll get entries in your kernel log rather than in
> your mail log. if you do this, i recommend using iptables and DROP the
> packet rather than REJECT it....this wastes the spammer's time while the
> connection times out.
Drop doesn't really prevent scans and spammers
will scan for open ports first.
If you really want to achive something like that,
you should install a 'Teergrube':
http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html
- Rolf
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Reply to: