
Re: random usernames in attempts to break in to my machine?



On Tuesday, 5 April 2022 01:46:32 EDT tomas@tuxteam.de wrote:
> On Mon, Apr 04, 2022 at 03:44:24PM -0400, gene heskett wrote:
> > On Monday, 4 April 2022 12:03:59 EDT tomas@tuxteam.de wrote:
> > > On Mon, Apr 04, 2022 at 11:51:47AM -0400, gene heskett wrote:
> [...]
> 
> > Tomas, I've had fail2ban installed and running since wheezy.  I don't
> > believe that in all that time, I have ever seen it trigger to do
> > anything. Then you recommend it but none of the advice on how to make
> > it actually work seems to be any more helpful than the man page
> > which talks in swahili slang dialect. To me, it seems like an
> > over-hyped cycle stealer.
> 
> Sorry to hear that.
> 
> > So where might I find the info it takes to actually make it work as
> > advertised?
> 
> Here, I must defer to more experienced folks. All I know
> (yet) is what it does, that I'd write something similar, and that there
> are people out there who know what they're doing and use it.
> 
> Perhaps things change in half a year, when I've come around deciding
> whether banning things based on their IP address is worth it at all
> (I see such a diversity in source IPs that for all practical purposes,
> each one could be as good as single-use: then, the fail2ban model
> loses its appeal. But measuring still has to be done).

Well, it seems to me that if something as automatic as fail2ban were to 
be used, its better use would be in the router, stopping such before it 
reaches into the home network. OTOH, dd-wrt and its ilk, reflashed into a 
router with enough resources, does I think protect me from quite a bit of 
that stuff, leaving only the email, using the imap protocol, as the major 
attack vector I see here.

That sort of stuff I recognise and delete quite often, but I'm deleting 
far more spam than what I call an outright attack vector.

mail2world, whom shentel uses as a mailserver, running dovecot could do a 
better job of filtering that, but I probably field 2 to 4 such emails 
that aren't actually addressed to me a day. I don't understand the 
mechanism that puts such in my inbox when it's not addressed to me, even a 
Bcc should I think be addressed to me to get put into my imap queue.

But the black hats are creative. Too bad that creativity is not used for 
good.

Thank you. Take care and stay well Tomas.

Cheers, Gene Heskett.
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
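
Added example, not part of the original message and not fail2ban's own code: one way to do the measuring mentioned in the quoted text, counting how many failed sshd logins come from single-use source IPs and how many a ban rule would have stopped. It assumes the usual sshd "Failed password" syslog format and a simplified model of fail2ban's maxretry/findtime rule in which bans never expire; the log lines are constructed and use documentation IP ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample (not from the thread): one repeat offender, four one-shot IPs.
SAMPLE_LOG = """\
Apr  4 10:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Apr  4 10:00:05 host sshd[102]: Failed password for invalid user oracle from 203.0.113.5 port 40002 ssh2
Apr  4 10:00:09 host sshd[103]: Failed password for root from 203.0.113.5 port 40003 ssh2
Apr  4 10:00:13 host sshd[104]: Failed password for invalid user test from 203.0.113.5 port 40004 ssh2
Apr  4 10:02:00 host sshd[105]: Failed password for invalid user qwx81 from 198.51.100.1 port 51000 ssh2
Apr  4 10:07:30 host sshd[106]: Failed password for invalid user zpl02 from 198.51.100.2 port 51001 ssh2
Apr  4 10:15:12 host sshd[107]: Failed password for invalid user mmk77 from 198.51.100.3 port 51002 ssh2
Apr  4 10:31:44 host sshd[108]: Failed password for invalid user rty19 from 198.51.100.4 port 51003 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse(log, year=2022):
    """Yield (timestamp, user, ip) for each failed-password line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog omits the year, so it is supplied by the caller
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def measure(log, maxretry=3, findtime=600):
    """Replay the log and count attempts a maxretry/findtime ban would stop."""
    recent = defaultdict(deque)  # ip -> failure timestamps inside findtime
    per_ip = defaultdict(int)
    banned, blocked, total = set(), 0, 0
    for ts, _user, ip in parse(log):
        total += 1
        per_ip[ip] += 1
        if ip in banned:         # would never have reached sshd
            blocked += 1
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()          # forget failures older than the window
        if len(q) >= maxretry:
            banned.add(ip)
    single = sum(1 for n in per_ip.values() if n == 1)
    return {"attempts": total, "ips": len(per_ip), "single_use_ips": single,
            "banned_ips": len(banned), "blocked": blocked}
```

Run over a real auth log, a high single_use_ips share next to a low blocked count is the case where per-IP banning buys little.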



