Web lists-archives.com

Re: [Samba] check accounts for known bad passwords




Hai M-J, 

Bit off topic for samba, but handy to know.
ah, yes, did not know that site, handy also.

I use iptables ipset geoip fail2ban and ufw combined. 
Bit of these combined. 
http://blog.jeshurun.ca/technology/block-countries-ubuntu-iptables-xtables-geoip 
https://www.dghost.com/techno/internet/banning-an-entire-country-with-iptablesipset 
https://tipstricks.itmatrix.eu/blocking-all-traffic-from-individual-countries-using-ipset-and-iptables/ 

My setup is as followed, 

Ufw and geoip for country blocking and regular rules.
For example, Port 25/80/443 open for the world, all other are restricted to countries, (Where possible.)

Fail2ban monitor a service logs, abuse, > 1 day block. ( use ipset here ) 
Why 1 day, spammers often return within a day, so if they do that they exend the block a day. 
The use of ipset, i do that here, because of the ammount of blocks i have. 
Normaly, about 1500 ips are blocked daily, and its better to have this in ipset that iptables. 
Its faster in the hash tables and can handle up to about 65k rules.

I do this for example on my mail relay/antispam. 
Cpu load dropped about 20%, spam mail getting through dropped about 80%. 
from 10k mails through the antispam back to about 1.5k. 
Also due the good use of postfix/postscreen. 

If you need more tips, you can pm me ;-) 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens mj via samba
> Verzonden: donderdag 20 juli 2017 17:23
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] check accounts for known bad passwords
> 
> Hi,
> 
> Yes it seems we are interesting.
> 
> Following your advise, I have just started blocking whole 
> countries, based on info found here:
> 
> https://www.iplocation.net/
> 
> (started with china, and now also Venezuela, the Korea's 
> Sudan, Indonesie and India.
> 
> That seems to help astonishingly good, thanks!
> 
> MJ
> 
> On 07/20/2017 04:19 PM, L.P.H. van Belle via samba wrote:
> > Hai M-J.
> > 
> > Still under attack..,,
> > 
> > A better thing maybe if possible for you..
> > Restrict imap/pop ports to only allow ips from netherlands 
> through your firewall.
> > 
> > Now, if they are comming from within you own country, which 
> makes it much more easy for legal steps.
> > 
> > Do you have one attacker ip for me, i'll do some checks.
> > 
> > And i found this:
> > https://www.mylinuxplace.com/samba-password-complexity-check/
> > Just dont know if that wil work for you, you have to try it out.
> > 
> > 
> > Greetz,
> > 
> > Louis
> > 
> > 
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> mj via samba
> >> Verzonden: donderdag 20 juli 2017 15:52
> >> Aan: samba
> >> Onderwerp: [Samba] check accounts for known bad passwords
> >>
> >> Hi,
> >>
> >> Des anyone know if a script of some sort or way to check my samba 
> >> accounts for known bad passwords, such as "123321", "1q2w3e", and 
> >> such?
> >>
> >> We are currently the target by a botnet, trying out those easy 
> >> passwords on our imap server. While many (all?) of our users have 
> >> good complex paswords, I am not 100% sure about
> >> *all* of them. If possible I'd like to disable their 
> accounts, in the 
> >> case of such bad passwords.
> >>
> >> It would be good if such a snippet would bypass the 
> >> bad_password_count policies, etc, so that I could scan accounts 
> >> without them becoming locked due to too many failed passwords.
> >>
> >> Anyone with an idea how to do this?
> >>
> >> MJ
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/options/samba
> >>
> > 
> > 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba