[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Re: Blocking Access

Subject: [cobalt-users] Re: Blocking Access
From: Bruce Timberlake <bruce@xxxxxxxxxx>
Date: Fri Jan 30 10:55:01 2004
Organization: BRTNet.org
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Dan Kriwitsky wrote:

I'm getting port scans from this user"user-11fahma.dsl.mindspring.com", how do I go about blockinghim and stop him from filling up my logs? Would I have to gethis IP to add him to IPCHAINS?

As root:

/sbin/route add -host 66.245.70.202 reject


And you can get his IP by doing a

	traceroute user-11fahma.dsl.mindspring.com

or

	dig user-11fahma.dsl.mindspring.com in

and seeing what IP is returned.

If you have ipchains already set up, add this to your rule file:

-A input -s 66.245.70.202/255.255.255.255 -d 0.0.0.0/0.0.0.0 -i eth0 -jDENY -l


(above should all be one line)

Then reload ipchains. If you use Dan's route method, make sure to putthat command into one of your startup scripts someplace so that if yourserver reboots the host block will get added again.

References:
- RE: [cobalt-users] Blocking Access
  - From: Dan Kriwitsky

Prev by Date: RE: [cobalt-users] Blocking Access
Next by Date: Re: [cobalt-users] Blocking Access
Previous by thread: RE: [cobalt-users] Blocking Access
Next by thread: Re: [cobalt-users] Blocking Access

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index