RE: [cobalt-users] [RaQ3i] hosts.deny
- Subject: RE: [cobalt-users] [RaQ3i] hosts.deny
- From: Brandon Wheaton <brandonw@xxxxxxxxxxxx>
- Date: Sun Oct 8 20:10:01 2000
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Sun, 8 Oct 2000, a remote ECHELON node intercepted, flagged and
forwarded the following transmission from Theodore Jones:
> when I add an IP to the "hosts.deny" file under /etc,
> ALL: 209.74.20.34
> then do a:
> /etc/rc.d/init.d/inet reload
> then watch my /home/log/httpd/error file (tail -f), I
> don't seem to see that this IP/person is blocked from
> making random guesses at my CGI files....

Hi Theo.

Hosts.deny is a component of TCP Wrappers. TCP Wrappers
only protects services running under inet (for a list of
inet services, look in /etc/inetd.conf) hence any entries
you add to your hosts.deny and hosts.allow file will only
block traffic for those services. (i.e. pop and telnet)
If you want to block traffic to your entire box (short
of utilizing an external firewall) you will need to
utilize a kernel-level filter called IPFWADM. Use of
IPFWADM requires Kernel recompilation, which will no
doubt void your warranty. I can't imagine why Cobalt
would leave this critical component out of its OS. But
if you are a brave soul, here is the rundown. IPFWADM
is the basic Linux firewall tool. (Kernel 2.102+ uses
IPCHAINS.) To utilize it to block an IP, all you have
to do is

    /sbin/ipfwadm -I -i deny -S 209.74.20.34 -o

With the -o option, all access attempts will be entered
into /var/log/messages for your viewing pleasure. The
"deny" makes it look to your attacker as if you have
fallen off the Internet. You can also use the "reject"
option, which gives attackers a "connection refused"
message if that's what you prefer. Either way - the result
is that you won't need to worry about them any longer.
Until they get smart and attack you from another IP,
that is ;^) That is where Portsentry comes into play
- but that's another e-mail entirely.
Have fun.
Brandon Wheaton
UNIX Systems Engineer
ValiCert, Inc.
1215 Terra Bella Ave.
Mountain View, CA 94043
650.567.5430
----
Computers are useless; they can only provide answers.
~Pablo Picasso
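
The point made in the reply above, that hosts.deny only covers services launched from /etc/inetd.conf, can be checked per service. The script below is an added example, not part of the original message: it assumes the standard inetd.conf field layout (server program in field 6) and that wrapped services are started through tcpd; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: list which inetd.conf services run through tcpd and are
# therefore subject to hosts.allow / hosts.deny.

# wrapped_report FILE: print "<service> <proto> wrapped|unwrapped" for each
# active (uncommented) entry in an inetd.conf-style file.
wrapped_report() {
    awk '
        $1 ~ /^#/ || NF < 6 { next }     # skip comments, blank and short lines
        {
            n = split($6, parts, "/")    # basename of the server program
            state = (parts[n] == "tcpd") ? "wrapped" : "unwrapped"
            print $1, $3, state
        }
    ' "$1"
}

# covered_by_wrappers FILE SERVICE: succeed only if SERVICE is started via tcpd.
# A service with no inetd.conf entry at all (a standalone daemon) is not covered.
covered_by_wrappers() {
    wrapped_report "$1" |
        awk -v s="$2" '$1 == s && $3 == "wrapped" { found = 1 } END { exit !found }'
}

# Constructed sample input; on a real host pass /etc/inetd.conf instead.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
#finger stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
time    stream  tcp     nowait  root    internal
auth    stream  tcp     nowait  nobody  /usr/sbin/in.identd in.identd -l -e -o
EOF

wrapped_report "$SAMPLE"
for svc in telnet pop-3 auth http; do
    if covered_by_wrappers "$SAMPLE" "$svc"; then
        echo "$svc: hosts.deny applies"
    else
        echo "$svc: hosts.deny does NOT apply"
    fi
done
```

In the sample, http has no inetd.conf entry, so it is reported as not covered, which matches the behaviour described in the question.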