Need help!

Jack quiet_celt at yahoo.com
Sat Apr 30 23:52:02 CDT 2005


--- "D. Hageman" wrote:
> On Sat, 30 Apr 2005, Jack wrote:
> >
> > Taking the box offline would take down my mail server.
> > I use this yahoo account for kclug, but I get all my
> > regular mail through accounts on my mail server. I
> > didn't say the box has been compromised, I just want
> > advice on blocking these attacks as much as possible.
> > But I don't want to bring my box to a crawl to do it.
> >
>
> You should consider getting a secondary MX server. There will be times
> where you just can't avoid having the box be inaccessible. If you had a
> secondary MX this would be a non-issue.
>
I would like to add a secondary MX box. It's on my
wish list. However, I don't see how that would make it
a non-issue. If I take one box down, then the second
one would become the attack target. I'm looking for
a solution to reduce the attacks. The box is a "busy
box", that is running several services. It runs the
firewall, webserver, mail server and of course is also
hosting ssh access. The primary attack is focused on
the sshd. The system is running stable with one or two
services apt-pinned to testing and has the latest
patches. I've analysed the system remotely a little
and didn't see any indications of the system actually
getting cracked. I'm primarily looking for techniques
and suggestions on ways to further lock out these
crackers, without bogging down the box. Also on the
remote checking of the system, what are some favorite
tools for this?

Thanks,
Brian

