12 Jun
2016
12 Jun
'16
2:01 p.m.
This is typical for hosts exposed to the general Internet; we
get hundreds of failed probing login attempts every day on our
systems at work. I don't know of any effective way to stop it
unless you restrict login ports to a small set of addresses by
firewalling or turn off logins entirely.
- Brian
On Sun, Jun 12, 2016 at 03:39:43PM -0300, Pedro Converso wrote:
(Please trim inclusions from previous messages)
_______________________________________________
Hello,
Since last months my JNOS MBOX is being attacked:
15:24:59 94.53.236.39:55248 - MBOX (supervisor) bad login
15:25:07 113.162.86.77:35247 - MBOX (support) bad login
15:25:09 190.140.17.22:53348 - MBOX (root) bad login
15:25:14 92.27.102.224:38887 - MBOX (support) bad login
15:25:14 114.109.125.48:42069 - MBOX (administrator) bad login
15:25:35 190.140.17.22:54146 - MBOX (root) bad login
15:25:50 92.27.102.224:40191 - MBOX (support) bad login
15:26:33 182.184.71.162:41259 - MBOX (root) bad login
15:26:49 182.184.71.162:41259 - MBOX (sh) bad login
15:26:50 89.22.213.165:33979 - MBOX (root) bad login
15:27:52 89.22.213.165:34979 - MBOX (root) bad login
None of the users tried have granted permit.
Installed fail2ban but not avail.
Attacking IPs change continuosly, routing to loopback no help
Due heavy load jnos eventually hangs.
Is it there any way/suggestion to stop this ?
Appreciate any help.
73, lu7abf, Pedro Converso
44.153.0.1 or conversoft.com.ar
pconver(a)gmail.com