OT - Firewall suggestion
Steve Campbell
campbell at cnpapers.com
Thu Nov 11 19:20:53 GMT 2004
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Traffic in or out is still traffic, and the firewall still has to DROP, DENY
whatever. I have considered the DROP, but for now, I just quit logging these
packets until the ISP returns my call. As each one is from a different IP,
I'm hoping they will carry the ball and determine the real offender. The
packets seem to average about 11 per second. Although this is nothing
astronomical, it is a problem.
Thanks for the suggestions, though.
Steve Campbell
----- Original Message -----
From: "Steve Mason" <smlists at SHAW.CA>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Thursday, November 11, 2004 1:49 PM
Subject: Re: OT - Firewall suggestion
> > Someone/thing has decided to circumvent the MX records
> >and try the sendmail boxes directly.
>
> >My firewall blocks all of this, so there is no worries there, but it sure
is
> >wasting a lot of bandwidth. I would like to hear any suggestions on what
may
> >have been done to slow this down, or any other nifty things that may
help. I
> >use IPTABLES as a firewall.
>
> >Unfortunately, the gateways are outside the firewall, so they are being
beat
> >up pretty bad. I can't move these inside (not my decision). I also don't
> >manage the gateways, so....
>
> Unless I'm missing something, how would connection requests on port 25,
being blocked by the firewall waste bandwidth?
>
> One thing you can do to slow down the perpetrators, is use DROP instead of
DENY or REJECT in your iptables for port 25, this will cause the system
attempting the connection to wait for a timeout.
>
>
> Steve
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list