[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Blocking Access

Subject: Re: [cobalt-users] Blocking Access
From: "Al-Juhani" <aljuhani@xxxxxxxxx>
Date: Fri Jan 30 11:06:01 2004
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Hi Jon,

Yes you can use IPCHAINS to reject that IP access to your server.
Use ping http://www.dnsstuff.com to obtain the IP address for
"user-11fahma.dsl.mindspring.com" which
is 66.245.70.202.

Then make the Deny rule:

ipchains -I input -s 66.245.70.202 -j DENY -l

if you do not want to log the deny actions, then remove "-l"

alternative method if the scans is targeting un-used ports, you may block
the port.

Do you have PortSentry installed? If yes you can configure it to use
IPchains instead of TCPwrapper.
Check this link: http://www.uk2raq.com/raqfaq/raqfaqshow.php?faq=46

Al-Juhani
aljuhani@xxxxxxxxx

----- Original Message -----
From: "Jon" <jjma100@xxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Friday, January 30, 2004 21:21
Subject: [cobalt-users] Blocking Access


>
> I'm getting port scans from this user
> "user-11fahma.dsl.mindspring.com", how do I go about blocking him
> and stop him from filling up my logs?
> Would I have to get his IP to add him to IPCHAINS?
>
> Thanks
>
> Jon
>

References:
- [cobalt-users] Blocking Access
  - From: Jon

Prev by Date: [cobalt-users] Re: Blocking Access
Next by Date: [cobalt-users] [RaQ 3i] additional 40Gb HDD - can't see more than 5Gb
Previous by thread: [cobalt-users] Re: Blocking Access
Next by thread: [cobalt-users] [RaQ 3i] additional 40Gb HDD - can't see more than 5Gb

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index