Re: [cobalt-users] IPs related to hackers
- Subject: Re: [cobalt-users] IPs related to hackers
- From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
- Date: Sun Feb 11 08:30:30 2001
- Organization: anonymous
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Sat, 10 Feb 2001 21:03:07 -0500, Diana Brake <diana@xxxxxxxxxxxxx> wrote:
:>At 09:22 PM 2/10/01, Chris wrote:
:>
:>> > > PortSentry adds IPs to the /etc/hosts.deny file so if I'm a bit late
:>> > > watching the logcheck messages, the IPs are already blocked. PortSentry
:>> > > doesn't add IPs that are being used to run FTP anonymous login scripts or
:>> > > IPs that are being used to attempt logins using the admin ID so I drop
:>> > > those in by hand.
:>>
:>>this "hosts.deny" file doesn't seem to block nameserver or ftp requests.
:>>my server was recently compromised via proftpd by the looks of it.
:>>
:>>i think ipchains is the better blocking option, i'm presently studying
:>>up on this.
:>>
:>>--
:>>chris paul
:>>fastmedia.net
:>
:>Hi Chris,
:>I think you're correct, but for those of us on RaQ2s that can't use
:>IPchains, this is a start. My next project is to figure out ipfwadm for
:>this MIPS thingy..:)
:>
:>see ya,
:>Diana
:>Crest Communications, Inc. diana@xxxxxxxxxxxxx
:>Beautiful Sunny Florida http://crestcommunications.com/
:>352-495-9359, 425-732-9785 fax
Portsentry and Ipfwadm work pretty much the same as portsentry with ipchains.
Ipchains just has some additional features. All three are relatively easy to
use once you understand the basic concepts. Several good references have been
previously posted and will be found in the archives. I posted a
postsentry.init that I use to start things and get them going in an earlier
message. It is well worth the afternoon it will take. Just do not get in a big
hurry - one can shut down things so well that they are really shut down..
BTW, the ipchains is not a mips issue, it is the age of the kernel. The mips
machines have a ~1995 version - a more current version replaced ipfwadm with
ipchains.
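
The thread contrasts blocking in /etc/hosts.deny, which only TCP-wrapper-aware services consult, with blocking at the packet filter. As an added example (not code from this thread or from PortSentry), the script below turns `ALL:` entries from hosts.deny into the equivalent ipchains or ipfwadm rules and prints them for review instead of running them. The function names, the `ALL: address` line format, the keep-address argument and the sample addresses are assumptions made for illustration.

```sh
#!/bin/sh
# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# deny_rules TOOL [KEEP_IP] < hosts.deny
# TOOL is ipchains or ipfwadm. KEEP_IP (assumed: your own admin address) is
# never emitted, so a stray entry cannot lock you out of the box.
deny_rules() {
    tool=$1 keep=${2:-}
    case "$tool" in
        ipchains) fmt='ipchains -I input -s %s -j DENY -l\n' ;;
        ipfwadm)  fmt='ipfwadm -I -i deny -S %s -o\n' ;;
        *) echo "unknown tool: $tool" >&2; return 2 ;;
    esac
    # Only "ALL: addr" lines are taken; per-daemon lines and comments are skipped.
    sed -n 's/^ALL:[[:space:]]*\([^[:space:]#]*\).*$/\1/p' | LC_ALL=C sort -u |
    while read -r ip; do
        is_ipv4 "$ip" || continue          # drop hostnames and malformed input
        [ "$ip" = "$keep" ] && continue
        printf "$fmt" "$ip"
    done
}

# Constructed sample using documentation address ranges, not data from the thread.
sample_hosts_deny() {
    cat <<'EOF'
# added by hand
ALL: 192.0.2.10
ALL: 198.51.100.7
ALL: 192.0.2.10
in.ftpd: 203.0.113.5
ALL: 999.1.1.1
ALL: 198.51.100.99
EOF
}

sample_hosts_deny | deny_rules ipchains 198.51.100.99
```

On a real host the input would be `deny_rules ipfwadm YOUR_ADMIN_IP < /etc/hosts.deny`, with the printed rules read through before any of them is applied.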