[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] hack again - how to drop a connection
- Subject: RE: [cobalt-users] hack again - how to drop a connection
- From: "Network Operations" <admin@xxxxxxxx>
- Date: Thu Mar 27 13:49:00 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
put his IP in the hosts.deny file
might also try /sbin/route x.x.x.x reject
x.x.x.x = his ip of course
John
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of
BSmith@xxxxxxxxxxx
Sent: Thursday, March 27, 2003 4:37 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] hack again - how to drop a connection
-----Original Message-----
From: Andy Clyde, oxfordmusic.net
Subject: [cobalt-users] hack again - how to drop a connection
still fiddling about trying to back up data etc and i noticed that a
certain
IP is connected to my box on ports 4800 and 443. i want him off. nobody
but
me should be connecting to this box for anything other than DNS - i'm
pretty
sure this could be the hacker. how can i boot him off from inside the
shell?
cheers
andy
_____________________________________
Andy,
The easiest way would be to use IPCHAINS. You can get it from:
www.cobaltfaqs.com. Once install, via your shell, you can type in the
following:
ipchains -A input --source x.x.x.x --protocol TCP \
--destination-port 443 -j DENY
ipchains -A input --source x.x.x.x --protocol TCP \
--destination-port 4800 -j DENY
x.x.x.x would of course be his IP address.
That will stop him from ever connecting again. You may want to put on
more
policies. If you are only using it for DNS, there are a lot of ports to
be
blocking.
~Brian
_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users