[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] China Attacks Question

Subject: Re: [cobalt-users] China Attacks Question
From: Roman Sainz <rsainz@xxxxxxxxxxxxxxxxxx>
Date: Sun Apr 29 17:08:01 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

At 10:43 PM 4/29/01 -0700, you wrote:

I added the very complete list given here the other day to my hosts.denyfile but...
even though I added the list as posted here with entries such as:

# CHINANET-CN China Telecom
ALL: 202.96.0.0/255.240.0.0
I'm still seeing new hosts added to the list by portsentry from thisparticular block of addresses... specifically this one just now hittingport 98 202.107.226.92 shouldn't they be showing as "already blockedignoring" rather than added?

If I understand correctly, you got them block from the services, butnothing will stop them from trying (unless there is another block before atthe router level or a firewall).


If you run the following command, should se a similar result.

[rsainz /rsainz]# tcpdmatch sshd 202.107.226.92
client:   address  202.107.226.92
server:   process  sshd
matched:  /etc/hosts.deny line 7
access:   denied



Román Sainz
Gerente de Tecnología
rsainz@xxxxxxxxxxxxxxxxxx
http://www.emtechnologies.net

References:
- [cobalt-users] China Attacks Question
  - From: Wayne Sagar

Prev by Date: Re: [cobalt-users] China Attacks Question
Next by Date: Re: [cobalt-users] Form Mail Problem on a RaQ2 "Bad Referrer"
Previous by thread: Re: [cobalt-users] China Attacks Question
Next by thread: Re: [cobalt-users] China Attacks Question

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index