abuse@ and postmaster@ in the modern world?

[Toby Corkindale]

On Fri, Nov 17, 2006 at 03:28:58PM +0000, Peter Hickman wrote:
> David Cantrell wrote:
> >On Fri, Nov 17, 2006 at 11:34:35AM +0000, Dave Hodgkinson wrote:
> >  
> >>On 17 Nov 2006, at 11:07, David Cantrell wrote:
> >>    
> >>>The most effective of my several layers of antispam fascism is the  
> >>>huge
> >>>list of networks which I just won't talk to.  Compared to that, not
> >>>accepting mail to postmaster would be insignificant.
> >>>      
> >>You've blacklisted Korea then?
> >>    
> >
> >Yes, and China, and a shitload of other stuff too.
> >
> >  
> Not quite OT but how many ip addresses are people firewalling on their 
> home machines? I've just stepped over the 11k mark and an starting to 
> wonder if my firewall will start to have problems with this ever 
> increasing list. Am I normal or just paranoid? (put your hand down Dom :) )

I get annoyed by people attempting to brute-force my root password via ssh.
(I just wish they'd realise that I've disabled root logins remotely anyway!)
I've experimented with rate-limiting the number of ssh connection attempts, but
this has the side effect of DoS-ing me being able to login myself, unless I
start using convoluted iptables rules to rate-limit per-IP)

Putting up a temporary (ie 7 days) total IP block on anyone who fails more than
a few ssh passwords would be better, but I'm not sure how to implement that
safely.

How do you deal with this annoyance? Or do you just let them hurl themselves
ineffectively at your passwords, safe in the knowledge that they're about 20
characters long, and there's no way they'll have guessed it, even after 9000
attempts.

Toby


-- 
Turning and turning in the widening gyre/The falcon cannot hear the falconer;
Things fall apart, the centre cannot hold/Mere anarchy is loosed upon the world
(gpg --keyserver www.co.uk.pgp.net --recv-key B1CCF88E)