Rob, nmap has a very easy to use option that allows one to specify their source IP address (I think it is -S, so that's what I use below). Perhaps someone wants to do a real easy (reverse) denial of service attack on you as follows:

    dosservers="yahoo.com microsoft.com hotmail.com euglug.org usbank.com disney.com linux.com linux.org rob's_mail_server.com and others"
    for i in $dosservers; do nmap -sS -e eth0 -S #i & ; done

voila!

I don't think hosts.deny is a good all around solution. It's probably good for a temporary, 'someone is attacking me, and let's drop him automagically' fix, but not as a long term solution. You want your port 80 and port 25 and other web services available for everyone to use, as long as they aren't abusing them. So other measures should be used, like a DMZ.

-----Original Message-----
From: Rob Hudson [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 27, 2001 11:42 AM
To: EUGLUG
Subject: [EUG-LUG:799] Portsentry and firewalling (FreeBSD)

Hi All,

I've got portsentry and ipfw running on a firewall/gateway at home. One thing I like is when you add a deny rule to ipfw, it blocks all packets. I wrote a little perl script that reads in the hosts.deny file and re-adds those IPs upon boot-up. There is probably another way to do this, but I didn't research it at the time.

The way I understand how /etc/hosts.deny works is that it will deny those services listed in /etc/inetd.conf if the IP is listed in the deny file. This is why I wrote the perl script - to deny packets to anything from those IPs that port scanned me. hosts.deny doesn't include some services (web - port 80, email - port 25) because those daemons are actively listening on those ports. (Correct me if I'm wrong).

I'm curious whether, for a general web server or email server, it is wise to compile ipfw and firewall support into them, so if someone portscans or tries some other attack, they will be blocked, and not just blocked from the inetd services.
Thanks, Rob --- If you're not part of the solution, you're part of the precipitate.
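An added example, not Rob's perl script or anything from the list: a hosts.deny-to-ipfw loader of the kind Rob describes, with the safeguard the reply above argues for. Entries that name a protected host (the hypothetical mail relay 198.51.100.22 and resolver 192.0.2.53 are assumptions) or a loopback/private range are reported instead of turned into rules, so a scan with a spoofed source address cannot trick the box into firewalling its own mail or DNS. The hosts.deny text is constructed inline in portsentry's "ALL: addr : DENY" form, and the ipfw commands are rendered as strings rather than executed.

```python
import ipaddress
import re

# Constructed sample of /etc/hosts.deny as portsentry writes it; not a real file.
SAMPLE_HOSTS_DENY = """\
# portsentry additions
ALL: 203.0.113.7 : DENY
ALL: 198.51.100.22 : DENY
ALL: 192.0.2.10
ALL: 127.0.0.1 : DENY
ALL: not-an-address : DENY
"""
# Hypothetical hosts that must stay reachable whatever a scan claims as its
# source (upstream mail relay, DNS resolver), plus ranges we never firewall.
PROTECTED = {"198.51.100.22", "192.0.2.53"}
NEVER_BLOCK_NETS = [ipaddress.ip_network(n) for n in
                    ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ENTRY_RE = re.compile(r"^\s*ALL\s*:\s*([^\s:]+)")

def parse_hosts_deny(text):
    """Return the valid IPv4 addresses named on 'ALL:' lines, in file order."""
    addrs = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # comments, blank lines, other daemons' entries
        try:
            addrs.append(str(ipaddress.IPv4Address(m.group(1))))
        except ipaddress.AddressValueError:
            continue  # hostnames or garbage: never turn these into rules
    return addrs

def filter_blockable(addrs, protected=PROTECTED):
    """Split addrs into (blockable, skipped); each skipped entry carries a reason."""
    blockable, skipped = [], []
    for a in addrs:
        if a in protected:
            skipped.append((a, "protected host"))
        elif any(ipaddress.IPv4Address(a) in net for net in NEVER_BLOCK_NETS):
            skipped.append((a, "loopback/private range"))
        else:
            blockable.append(a)
    return blockable, skipped

def ipfw_rules(addrs, first_rule=1000):
    """Render one 'ipfw add N deny ip from ADDR to any' per address."""
    return [f"ipfw add {first_rule + i} deny ip from {a} to any"
            for i, a in enumerate(addrs)]
```

Run the three functions in sequence at boot and log the skipped list; a protected host showing up in hosts.deny is itself the signal that someone is scanning with a forged source.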
