I was checking my logcheck report this morning and found that yesterday,
someone actually tried to brute-force attach my FTP server. The attacks
all came the same address within .prodigy.net.mx. My first reaction was to
put a "551 GO AWAY" line into my hosts.deny file for .prodigy.net.mx. But
I'm thinking I might just want to just drop the packets silently instead.
I think that's where ipchains come into play. Can someone give me the
syntax for doing that? Also, it's easy enough to just put the IP address
that attacked yesterday into it (BTW, does putting it into a command-line
ipchains call survive through a reboot, or do I need to add it to my
rc.local file to make sure it's there after every reboot?), but is there a
way to specify a range of addresses with ipchains?
--Dave
--
David Guntner GEnie: Just say NO!
http://www.akaMail.com/pgpkey/davidg or key server
for PGP Public key
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
