WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] dom0 brute force detection

To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] dom0 brute force detection
From: Steve Spencer <sspencer@xxxxxxxx>
Date: Tue, 08 Mar 2011 16:54:48 -0600
Delivery-date: Tue, 08 Mar 2011 14:55:57 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4D765C19.2020207@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4D765C19.2020207@xxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.14) Gecko/20110223 Lightning/1.0b2 Thunderbird/3.1.8
On 03/08/2011 10:40 AM, Randy Katz wrote:
Hi,

Has anyone on this list found the necessity to log/monitor brute force
activity on
dom0? I just noticed that looks like it might be a DoS but was not
monitoring so
need to install something, what are you currently using?

Thanks in advance,
Randy

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users


We just use iptables to restrict all traffic except our local network to the Dom0. You should only allow management IP's to the Dom0, and that keeps it mostly pristine.

The DomU's are another story, but we use service based iptables rules for those, and only allow public services to the world. In addition, we use ossec-hids reporting for attack vectors on our other servers and a 1-strike rule for the IP's that are using attack vectors against us.

--
--
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 231
Mobile 308-380-7957

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>