[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] dom0 brute force detection



On 03/08/2011 10:40 AM, Randy Katz wrote:
Hi,

Has anyone on this list found the necessity to log/monitor brute force
activity on
dom0? I just noticed that looks like it might be a DoS but was not
monitoring so
need to install something, what are you currently using?

Thanks in advance,
Randy

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


We just use iptables to restrict all traffic except our local network to the Dom0. You should only allow management IP's to the Dom0, and that keeps it mostly pristine.

The DomU's are another story, but we use service based iptables rules for those, and only allow public services to the world. In addition, we use ossec-hids reporting for attack vectors on our other servers and a 1-strike rule for the IP's that are using attack vectors against us.

--
--
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 231
Mobile 308-380-7957

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.