Want more features on Pastebin? Sign Up, it's FREE!
Guest

Untitled

By: a guest on Jun 20th, 2012  |  syntax: None  |  size: 1.41 KB  |  views: 144  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. Aaron Zauner ✆
  2. 2:34 PM (0 minutes ago)
  3. Reply
  4. to devops
  5. hi everyone!
  6.  
  7. sorry, i was really tierd yesterday (the heat is killing me!), but i
  8. think everyone got the bigger picture (thx @ michael renner for
  9. clarifying a lot of things).
  10.  
  11. short link writeup:
  12. - http://www.fail2ban.org/wiki/index.php/Main_Page
  13. - https://github.com/azet/fail2ban_serve_notice/blob/master/fail2ban_serve_notice.sh
  14. (experimental! use with caution)
  15. - http://www.cloudflare.com/
  16. - http://www.projecthoneypot.org/home.php
  17. - http://www.ietf.org/rfc/rfc2142.txt
  18.  
  19. the script will be extended & debugged. if i got enough time in the
  20. next weeks i'll add API interfacing to cloudflare/projecthoneypot.
  21. does anyone know similar projects (hannes mentioned something)?
  22.  
  23. my server currently only serves 22 and 80 (with the latter beeing
  24. barely used) with a small amout of request -> thus i get a relatively
  25. small amout of break-in/ddos attempts.
  26. typical bouncing chinese mail adresses: bill.pang@bj.datadragon.net,
  27. apnic@xjcnc.net, hostmaster@public1.nc.jx.cn, zhy0607@public.ty.sx.cn,
  28. sxiptech@shanxitele.com, anti-spam@mail.jxptt.zj.cn [...] (these are
  29. real ones i picked up)
  30.  
  31. http traffic analysis (via cloudflare) for the last 30 days:
  32. http://i47.tinypic.com/10gfrdi.png -
  33. http://i50.tinypic.com/34gm2q9.png (challenged meaning; the attacker
  34. was presented with a captcha, because the IP subnet seemed malicious
  35. to cloudflare)
  36.  
  37. so long,
  38. azet
clone this paste RAW Paste Data