Rob wrote:
uidzero wrote:
Rob wrote:
uidzero wrote:
Pelle Andersson wrote:
Hi!
I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it.
I use "/etc/rc.ipfw"...
${fwcmd} add 300 deny IP from 24.19.0.105 to any
${fwcmd} add 301 deny IP from 24.79.68.179 to any
${fwcmd} add 400 deny IP from 61.100.180.125 to any
${fwcmd} add 401 deny IP from 61.206.125.28 to any
[...snip...]
${fwcmd} add 971 deny IP from 220.73.215.151 to any
${fwcmd} add 980 deny IP from 221.3.131.80 to any
${fwcmd} add 981 deny IP from 221.12.11.118 to any
${fwcmd} add 982 deny IP from 222.56.118.124 to any
I have attacks by similar IP numbers. However, I discovered that these IP numbers are used only once to attack my PC. Next attack will be from a different IP number. So adding the IP numbers to your list each time after an attack will make your deny-list longer and longer, but won't make it more effective, since it doesn't protect you against the attacker's next attempts.
Unless, of course, someone is attacking again and again from the same IP number; but that is not what I observe.
Rob.
Actually, quite a few have attempted several times from the same IPs. I figure if it gets too big, I'll just block the whole class. What do I care if a whole country can't access my lil webserver? :)
Have you bothered to monitor your rules with ipfw -dt show, or by adding a 'log' to your rules? That would give you a clue as to how effective your deny rules are.
Rob.
I've added a few friends' static IPs and they weren't able to get any of the services my system runs. So, not only is ssh blocked, everything is blocked.
Michael
-- Michael D. Whities [EMAIL PROTECTED] http://www.one-arm.com
--
There are four colors of hats to watch for: Black, White, Grey, and Red.
The meanings are: Cracker, Hacker, Guru, and Victim.
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
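
Added example (not from any poster in this thread): one way to check from the sshd log whether sources come back before giving them a deny rule, which is the question the thread argues over. It assumes the usual sshd syslog line "Failed password for ... from ADDR port N ssh2"; the function names, the threshold of 2, the starting rule number 300 and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in sshd syslog format (documentation addresses).
sample_log() {
cat <<'EOF'
Nov  3 02:11:40 host sshd[411]: Failed password for root from 192.0.2.10 port 4021 ssh2
Nov  3 02:11:43 host sshd[413]: Failed password for root from 192.0.2.10 port 4033 ssh2
Nov  3 02:11:47 host sshd[415]: Failed password for invalid user test from 192.0.2.10 port 4040 ssh2
Nov  3 04:50:02 host sshd[502]: Failed password for invalid user from from 198.51.100.7 port 3310 ssh2
Nov  3 05:02:19 host sshd[533]: Accepted password for alice from 203.0.113.5 port 1022 ssh2
Nov  3 06:30:55 host sshd[610]: Failed password for guest from 203.0.113.77 port 2201 ssh2
Nov  3 06:31:01 host sshd[612]: Failed password for guest from 203.0.113.77 port 2207 ssh2
EOF
}

# Print "count address" per source of failed logins, busiest first.
# The address is taken relative to the END of the line, so a login
# name that is itself "from" cannot shift the field being read.
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for / &&
         $(NF-4) == "from" && $(NF-2) == "port" &&
         $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$(NF-3)]++ }
         END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# Print one ipfw command per source with at least $1 failures,
# numbering rules from $2 (both values are choices for this example).
deny_rules() {
    threshold=$1 rulenum=$2
    failed_by_source | awk -v t="$threshold" -v r="$rulenum" \
        '$1 >= t { printf "ipfw add %d deny ip from %s to any\n", r++, $2 }'
}

sample_log | failed_by_source      # per-source counts
sample_log | deny_rules 2 300      # rules for repeat sources only
```

On a real host the input would be the file sshd logs to instead of sample_log, and the hit counters from "ipfw -dt show" then tell whether the emitted rules are ever matched.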
