[nos-bbs] Jnos memory leak with forwarding
Michael Fox - N6MEF
n6mef at mefox.org
Thu Oct 19 13:38:09 EDT 2017
Gus,
You didn't say what type of "attack". But if it's login attempts, then a useful tool is fail2ban. You configure fail2ban to watch nos.log for failed logins (or any other condition for which you write a regex to match) and then ban the offending IP address. When the match occurs a sufficient number of times, fail2ban writes a rule to iptables to block that IP. You can define how many failed attempts, over what time period, and how long to block, etc. After the ban period has expired, fail2ban removes the iptables rule. You can block repeat offenders longer. Lots of options.
Michael
N6MEF
> -----Original Message-----
> From: nos-bbs [mailto:nos-bbs-bounces at tapr.org] On Behalf Of Gustavo Ponza
> Sent: Thursday, October 19, 2017 10:12 AM
> To: nos-bbs at tapr.org
> Subject: Re: [nos-bbs] Jnos memory leak with forwarding
>
>
>
> On 10/19/2017 04:02 PM, Brian wrote:
> > Gus;
> >
> > On Thu, 2017-10-19 at 12:04 +0200, Gustavo Ponza wrote:
> >
> >> I don't know your or other situations
> >> but from my experience many resources
> >> are spent to reply to the many attacks
> >> to our systems... the jnos is rebooting
> >> more frequently at least from the last
> >> year... other programs seem to remain
> >> hard rock without any collapse.
> > Why is your jnos rebooting from attacks? That should never EVER happen.
> > If so, this is a critical warning sign that your iptables rules need
> > fixing.
>
> Hi Brian,
>
> you surely have full reasons about iptables rules, but how to
> contrast the following situation? I'm not able to manage it.
>
> A list of the actual attackers follows:
>
> --
> 73 and ciao, gus i0ojj/ir0aab
> A proud member of linux team
> Quidquid latine dictum sit, altum videtur
>
> _______________________________________________
> nos-bbs mailing list
> nos-bbs at tapr.org
> http://www.tapr.org/mailman/listinfo/nos-bbs
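
Added example, not part of the original thread or of fail2ban's own code: a small Python model of the threshold logic Michael describes (failures counted per IP inside a time window, then a ban of fixed length), useful for trying a candidate regex and thresholds before putting them into a jail. The nos.log line layout, the regex, the sample lines and the default thresholds are all assumptions; check them against a real nos.log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line layout; adjust to what your nos.log really contains. In a
# fail2ban filter the (?P<host>...) group would be written as the <HOST> tag.
FAILREGEX = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):\d+ - .*login failed")

# Constructed sample input (documentation-range addresses, invented events).
SAMPLE_LOG = """\
2017-10-19 10:00:01 203.0.113.7:40112 - MBOX login failed
2017-10-19 10:00:20 198.51.100.9:51000 - MBOX login failed
2017-10-19 10:01:05 203.0.113.7:40113 - MBOX login failed
2017-10-19 10:02:00 192.0.2.44:1030 - MBOX (n0call) open
2017-10-19 10:03:30 203.0.113.7:40114 - MBOX login failed
2017-10-19 10:30:00 198.51.100.9:51001 - MBOX login failed
2017-10-19 10:31:00 198.51.100.9:51002 - MBOX login failed
"""

def find_bans(lines, maxretry=3, findtime=600, bantime=3600):
    """Return (ip, ban_start, ban_end) for every ban the thresholds trigger."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside findtime
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue              # not a failed login, ignore
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["host"]
        if ip in banned_until and ts < banned_until[ip]:
            continue              # already blocked, nothing new to count
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=findtime):
            q.popleft()           # forget failures older than the window
        if len(q) >= maxretry:
            banned_until[ip] = ts + timedelta(seconds=bantime)
            bans.append((ip, ts, banned_until[ip]))
            q.clear()
    return bans

if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_LOG.splitlines()):
        print(f"{start}  ban {ip}, rule removed at {end}")
```

With the sample lines, only 203.0.113.7 is banned: 198.51.100.9 also fails three times, but its first failure is outside the 600-second window by the time the later ones arrive.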