EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Sunday 24 November 2024, 04:45:52 pm
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
The Latest Endian Firewall is now available for download
HERE
14261
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Support
General Support
Are we being attacked?
0 Members and 0 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: Are we being attacked? (Read 7676 times)
richardfisher
Jr. Member
Offline
Posts: 1
Are we being attacked?
«
on:
Tuesday 29 May 2012, 06:33:27 am »
We have been using 2.5.1 for a while now in 7 locations. One of our locations has just started emailing me warnings about root login failures through ssh from ip ;::ffff:1 nnn.nnn.nnn.nnn
There have been 4 of these "attacks in the last three days from 4 different ip addresses (2 in the States, 1 in England and 1 in Singapore). The location being "attacked" is where our Exchange Server is located but this doesn't look like spammers etc. more like attempted hacking. However the email could have led the attackers to the external ip of the firewall?
I am looking for advice, things to check etc. Fortunately I think we have a good password policy in effect which is helping protect us. Also - the number of attempts has dropped each time - first was about 384 over a 10 minute period but the most recent was only 20 attempts in 10 minutes. Hope this is a good sign and not a bad omen!
Thanks all.
Look forward to reading your posts!
Logged
martman22
Full Member
Offline
Posts: 27
Re: Are we being attacked?
«
Reply #1 on:
Wednesday 30 May 2012, 01:00:11 am »
You may want to look at using Ossec on your remote sites. It will monitor such attacks and even block these attacks for whatever duration you set. It will also email you when attacks occur. I uploaded an agent in the customization section of this forum which will work on Endian 2.5.1 but you will need to install the management portion on a separate server which you can download from their main site. Just do a search on it.
You can also compile it yourself if you install the development software on a spare endian box if you don't want to use the agent version of the software.
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.078 seconds with 19 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com