Brute Force Detection

As most of us use rfxnetworks.com's BFD on our servers, there is one thing which is very important and I want to discuss here.

Every time there is a brute force attempt and BFD detects it, it blocks the IP and sends an alert mail to the admin's email (whatever you define it to).

But apparently what happened yesterday was, one of my DUAL Xeon servers was under brute force attack, from various spoofed IPs. It was automatic, it attempted around 1500 times in less than 30 seconds.

Even though BFD detected and blocked it all the time, the mess it created was much worse!!

There were 1500 alert mails, which overloaded the mail server, and the load went up from 0.05 to 478 in less than 30 seconds and the server literally froze.

I had to stop the mail server for a while to calm the server down.

So what can we do about this situation, keeping in mind that we want to have some sort of notice that someone is trying to brute force, but on the other hand the mail server is not overloaded?

If we remove the email from the BFD config, we won't get any notice of the incident; the rest is fine though!

So is there a way to get some sort of notice without making any application on the server overload?

Experts are welcome to give their advice!!!
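
One way to keep a notice without one mail per blocked IP is to spool each block event to a file and send a single digest at a fixed interval. The script below is an added example, not part of the original post and not BFD's own code; the paths, variables and function names are hypothetical, and it assumes the per-block alert step can call `queue_alert` and that `mail` is the host's mailer.

```shell
#!/bin/sh
# Added example: coalesce per-block alerts into one digest mail per interval.
# SPOOL, STAMP, INTERVAL, MAX_LINES, ALERT_TO and the functions below are
# hypothetical names, not BFD configuration options.
SPOOL="${SPOOL:-/var/spool/bfd-alerts/pending}"
STAMP="${STAMP:-/var/spool/bfd-alerts/last_sent}"
INTERVAL="${INTERVAL:-300}"     # minimum seconds between two mails
MAX_LINES="${MAX_LINES:-50}"    # cap on event lines quoted in one mail
ALERT_TO="${ALERT_TO:-root}"

# Called once per blocked IP instead of mailing: a cheap file append.
queue_alert() {
    printf '%s blocked %s (%s)\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" "$2" >> "$SPOOL"
}

# Delivers one message read from stdin; swap in the host's own mailer.
send_digest() {
    mail -s "$1" "$ALERT_TO"
}

# Run from cron (for example every minute). Returns 0 when a digest was
# sent, 1 when nothing is pending, the interval has not elapsed, or
# delivery failed (events are then put back for the next run).
flush_alerts() {
    [ -s "$SPOOL" ] || return 1
    now=$(date +%s)
    last=$(cat "$STAMP" 2>/dev/null || echo 0)
    [ $((now - ${last:-0})) -ge "$INTERVAL" ] || return 1
    batch="$SPOOL.$$"
    mv "$SPOOL" "$batch" || return 1    # later events start a fresh spool
    count=$(grep -c '' "$batch")
    if {
        echo "$count block events since the last report (last $MAX_LINES shown):"
        tail -n "$MAX_LINES" "$batch"
    } | send_digest "BFD digest: $count blocks on $(hostname)"; then
        echo "$now" > "$STAMP"
        rm -f "$batch"
    else
        cat "$batch" >> "$SPOOL"        # requeue so no event is lost
        rm -f "$batch"
        return 1
    fi
}
```

With this in place, a burst of 1500 blocks produces 1500 file appends and one mail, so the mail queue no longer scales with the attack rate.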

 

 

 

 
