For those of you dealing with your nameserver being attacked and your logs being filled with messages such as "named[xxxx]: client x.x.x.x#yyyy: error sending response: host unreachable", you can use PHREL to block the abuse and stop the log messages. For smaller traffic nameservers, you can set a threshold of 15pps with a rate of 0 to dynamically block the majority of these attacks. Larger traffic nameservers may need to use a slightly higher threshold.
Here's an example command line for phreld to block this:
phreld -p 53 -T 15:0
I was getting a brute force attack on an FTP Server. This program helped to stop the attack and gave me confidence that the server is more secure than the vanilla install.
The configuration wasn't as simple as I had hoped. There is not a /etc/phrel.config file yet. I had to add to a script that's run at every reboot to automate the execution of the script.
The other downside is the need for root access. It probably will not work for some VPS environments, but you can always ask the admin. I'm sure once they see the thing, they'll want it installed.
Be very careful on your settings. Try testing it with a small decay (-D) first, like 10 seconds or so. Of course, have a way of getting to the box other than ssh when testing. Otherwise, you may need a reboot. Note, even if you test the FTP port, all ports are closed when you get blocked.
It's definitely worth the effort of learning how this thing works. It's so very cool. After a few failed logins, the entire IP is dropped for a period of time. It can even be throttled down to a certain number of packets/second after an offense.
The cool thing is that its protocol independent. It will work for FTP, SSH, HTTP, DNS, SMTP, and any other protocol tcp or udp. Learn one tool and protect all protocols on your network. Could also work great on a router box.
So very happy for this one. I give it a 10!
An open, cross-platform journaling program.
A scientific plotting package.