[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] dom0 brute force detection

To: xen-users@xxxxxxxxxxxxxxxxxxx
From: Steve Spencer <sspencer@xxxxxxxx>
Date: Tue, 08 Mar 2011 16:54:48 -0600
Delivery-date: Tue, 08 Mar 2011 14:55:57 -0800
List-id: Xen user discussion <xen-users.lists.xensource.com>

On 03/08/2011 10:40 AM, Randy Katz wrote:

Hi,

Has anyone on this list found the necessity to log/monitor brute force
activity on
dom0? I just noticed that looks like it might be a DoS but was not
monitoring so
need to install something, what are you currently using?

Thanks in advance,
Randy

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

We just use iptables to restrict all traffic except our local network tothe Dom0. You should only allow management IP's to the Dom0, and thatkeeps it mostly pristine.

The DomU's are another story, but we use service based iptables rulesfor those, and only allow public services to the world. In addition, weuse ossec-hids reporting for attack vectors on our other servers and a1-strike rule for the IP's that are using attack vectors against us.


--
--
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 231
Mobile 308-380-7957

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

References:
- [Xen-users] dom0 brute force detection
  - From: Randy Katz

Prev by Date: RE: [Xen-users] winxp sp2 hangs on "windows setup" and F5-key methodnot working.
Next by Date: Re: [Xen-users] grub commands problem with Ubuntu 10.04
Previous by thread: [Xen-users] dom0 brute force detection
Next by thread: Re: [Xen-users] dom0 brute force detection
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.