WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] dom0 brute force detection

from [Steve Spencer] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] dom0 brute force detection
From: Steve Spencer <sspencer@xxxxxxxx>
Date: Tue, 08 Mar 2011 16:54:48 -0600
Delivery-date: Tue, 08 Mar 2011 14:55:57 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4D765C19.2020207@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <4D765C19.2020207@xxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.14) Gecko/20110223 Lightning/1.0b2 Thunderbird/3.1.8 
On 03/08/2011 10:40 AM, Randy Katz wrote:

Hi,

Has anyone on this list found the necessity to log/monitor brute force
activity on
dom0? I just noticed that looks like it might be a DoS but was not
monitoring so
need to install something, what are you currently using?

Thanks in advance,
Randy

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
We just use iptables to restrict all traffic except our local network to the Dom0. You should only allow management IP's to the Dom0, and that keeps it mostly pristine.
The DomU's are another story, but we use service based iptables rules for those, and only allow public services to the world. In addition, we use ossec-hids reporting for attack vectors on our other servers and a 1-strike rule for the IP's that are using attack vectors against us. 

--
--
Steven G. Spencer, Network Administrator
KSC Corporate - The Kelly Supply Family of Companies
Office 308-382-8764 Ext. 231
Mobile 308-380-7957

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Xen-users] winxp sp2 hangs on "windows setup" and F5-key methodnot working., James Harper
Next by Date:  Re: [Xen-users] grub commands problem with Ubuntu 10.04, Abhishek Dixit
Previous by Thread:  [Xen-users] dom0 brute force detection, Randy Katz
Next by Thread:  Re: [Xen-users] dom0 brute force detection, Steven Spencer
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy