james.wilson Posted June 6, 2014 Share Posted June 6, 2014 Im been watching a huge increase on attacks on our servers (all of them bar 1) and for the last few weeks have been using the above app to protect them. What are others doing on their public facing machines? Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
matthew.brough Posted June 6, 2014 Share Posted June 6, 2014 Untangle controls the gateway and has apps that look for nasties. Quote www.securitywarehouse.co.uk/catalog/ Link to comment Share on other sites More sharing options...
james.wilson Posted June 6, 2014 Author Share Posted June 6, 2014 firewall wise i use iptables, this is in addition to firewall looking for failed logins and adding the ip to the firewall to drop the packets Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
PeterJames Posted June 6, 2014 Share Posted June 6, 2014 Im worried about mine now James are they attacking SME's? Quote Link to comment Share on other sites More sharing options...
james.wilson Posted June 6, 2014 Author Share Posted June 6, 2014 no everything. TSI was getting hammered for spamming purposes. I need to update yours too, but we need to move the vm off it first Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
PeterJames Posted June 6, 2014 Share Posted June 6, 2014 Can you say that again slowly so I can understand Quote Link to comment Share on other sites More sharing options...
james.wilson Posted June 6, 2014 Author Share Posted June 6, 2014 lol, i need to upgrade urs. but it may need a visit as i cant update to v9 remotly. needs a cd etc. as its a huge change Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
PeterJames Posted June 6, 2014 Share Posted June 6, 2014 Bring your trunks Quote Link to comment Share on other sites More sharing options...
james.wilson Posted June 6, 2014 Author Share Posted June 6, 2014 ur alright lol Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
PeterJames Posted June 6, 2014 Share Posted June 6, 2014 I wasn't suggesting you update the server in your trunks LOL I thought you might like to have a swim in the pool after. Have you found your PP yet? Quote Link to comment Share on other sites More sharing options...
james.wilson Posted June 6, 2014 Author Share Posted June 6, 2014 no, been at mum and dads most of this week as ex wife been in hospital and ive had the kiddies. Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
norman Posted June 6, 2014 Share Posted June 6, 2014 I wasn't suggesting you update the server in your trunks LOL I thought you might like to have a swim in the pool after. Have you found your PP yet? f me it's Barrymore. Quote Nothing is foolproof to a sufficiently talented fool. Link to comment Share on other sites More sharing options...
PeterJames Posted June 6, 2014 Share Posted June 6, 2014 f me it's Barrymore. Awhight at the back! Quote Link to comment Share on other sites More sharing options...
james.wilson Posted June 6, 2014 Author Share Posted June 6, 2014 i think its fine on its current version.... Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
datadiffusion Posted June 6, 2014 Share Posted June 6, 2014 Awhight at the back! Certainly was.... Quote So, I've decided to take my work back underground.... to stop it falling into the wrong hands Link to comment Share on other sites More sharing options...
james.wilson Posted June 6, 2014 Author Share Posted June 6, 2014 that was in the back Quote securitywarehouse Security Supplies from Security Warehouse Trade Members please contact us for your TSI vetted trade discount. Link to comment Share on other sites More sharing options...
Cubit Posted June 6, 2014 Share Posted June 6, 2014 Awhight at the back! Even more worrying. Quote Link to comment Share on other sites More sharing options...
effortless Posted June 8, 2014 Share Posted June 8, 2014 (edited) I work for a small-ish game server host and we primarily use Windows for our boxes. Our public facing hosts mainly were getting hit by RDP brute force/dictionary attacks, even though we changed the RDP ports from the default 3389 to a random port. We solved this by firewalling off RDP connections to limited IPs (internal IPs and a jumpbox ip) using bog standard Windows Firewall on the individual boxes and surprisingly it was incredibly effective. For remote maintenance, we bought a small virtual server from these guys which acts as an SSH jumpbox (with Fail2Ban configured) which all external RDP connections are forced to go through otherwise they get bounced. (Moved to an RDP client which allows for using SSH Jumpboxes like MobaXTerm and all was well!) Get your credentials for the jumpbox wrong 3 times and it's then a pain in the **** call to me to get the IP ban lifted. Then we forced 64 character random passwords for all admin/rdp accounts, because we are great people.Fun, fun... fun? Edited June 8, 2014 by effortless Quote Link to comment Share on other sites More sharing options...
Rulland Posted June 8, 2014 Share Posted June 8, 2014 Top, middle or bottom, Tis a worry tbh. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.