RE: [cobalt-users] Is this some kind of Denial Of Service Attack
- Subject: RE: [cobalt-users] Is this some kind of Denial Of Service Attack
- From: aljuhani <aljuhani@xxxxxxxxx>
- Date: Tue Oct 22 08:20:55 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hello Andy.
Thank you, and thanks to the others on the list, for your responses.
I have read a lot about IP Chains, BUT as far as I know I may need to re-compile
the kernel during the install, which I'm not good at. I want to make sure that
the install goes fine without problems. I have installed it on my experimental
Red Hat Linux desktop and am still trying to figure out many options.
My PortSentry is using the TCP Wrapper, but one advantage of IP-Chains is
blocking the connection (traffic) and thereby minimizing bandwidth usage, which
is not the case with the tcpwrapper.
Regards,
Al-Juhani
aljuhani@xxxxxxxxx
>===== Original Message From cobalt-users@xxxxxxxxxxxxxxx =====
><snip>
>>
>> From a root prompt:
>> /sbin/route add -host 62.194.130.53 reject
>> Would take care of that IP.
></snip>
>
>Just as an add-on to Dan and Dave's messages, it may be worthwhile installing ipchains and using ipchains to block the IP address, because of several factors:
>
>1) If I remember correctly, sendmail doesn't use tcpwrappers, so adding to /etc/hosts.deny won't actually block the attempts, though it will stop them for ftp/pop3/imap or other services which are using tcpwrappers
>
>2) Also the raq is still having to process part of the incoming connection to actually block it, so still capable of slowing the server down. This is true for the route and hosts.deny methods.
>
>To install ipchains, it's a case of doing:
>
>rpm -Uvh ftp://ftp.rpmfind.net/linux/redhat/6.2/en/os/i386/RedHat/RPMS/ipchains-1.3.9-5.i386.rpm
>
>(As root via SSH that is)
>
>Then to block an IP using ipchains:
>/sbin/ipchains -I input -s 111.111.111.111 -j DENY
>
>changing 111. etc to the source of the attacker (62.194.130.53 in this case)
>
>This won't log the dropped packets, because that will generate a lot of unwanted logging, but if you wanted it enabled add a -l on the end of the /sbin/ipchains command.
>
>Regards,
>
>Andy
>andy@xxxxxxxxxx
>http://www.raqpak.com <-- Unofficial FAQs and PKGs
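
The ipchains block rule quoted above, generated for a list of source addresses; this is an added example, not part of either poster's message. The function names (`valid_ipv4`, `block_rule`, `block_rules`) are hypothetical, the sample list is constructed, and the commands are only printed for review, never executed.

```shell
#!/bin/sh
# Added example: print ipchains DENY rules for a list of source addresses.
# Nothing touches the firewall; review the output before running it as root.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255,
# so a typo or stray shell metacharacter never ends up in a rule.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_rule ADDR [log]: print the rule from the thread for ADDR.
# A second argument of "log" appends -l so dropped packets are logged.
block_rule() {
    valid_ipv4 "$1" || { echo "skipping invalid address: $1" >&2; return 1; }
    if [ "${2:-}" = "log" ]; then
        echo "/sbin/ipchains -I input -s $1 -j DENY -l"
    else
        echo "/sbin/ipchains -I input -s $1 -j DENY"
    fi
}

# block_rules [log]: read one address per line on stdin, skip blanks,
# comments and duplicates, and print one rule per valid address.
block_rules() {
    seen=" "
    while read -r addr rest; do
        case "$addr" in ''|'#'*) continue ;; esac
        case "$seen" in *" $addr "*) continue ;; esac
        seen="$seen$addr "
        block_rule "$addr" "${1:-}" || true
    done
}

# Constructed sample list: a comment, the address from the thread twice,
# and one malformed entry that is reported on stderr and skipped.
printf '%s\n' '# offenders' 62.194.130.53 62.194.130.53 999.1.1.1 | block_rules
```
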