Rob wrote:

uidzero wrote:

Rob wrote:

uidzero wrote:

Pelle Andersson wrote:


I have a lot of login attempts from various networks and IP addresses
on my FBSD 4.10 server. I have read the man pages for hosts.deny but
do not understand how to add networks and IP addresses to it.

I use "/etc/rc.ipfw"...

${fwcmd} add 300 deny IP from to any ${fwcmd} add 301 deny IP from to any ${fwcmd} add 400 deny IP from to any ${fwcmd} add 401 deny IP from to any


${fwcmd} add 971 deny IP from to any
${fwcmd} add 980 deny IP from to any
${fwcmd} add 981 deny IP from to any
${fwcmd} add 982 deny IP from to any

I have attacks by similar IP numbers. However, I discovered
that these IP numbers are used only once to attack my PC.
Next attack will be from a different IP number. So adding the
IP numbers to your list each time after an attack, will make
your deny-list longer and longer, but won't make it more effective,
since it doesn't protect you against the attackers next attempts.

Unless, of course, someone is attacking again and again from the
same IP number; but that is not what I observe.


Actually, quite a few has attempted several times from the same IPs. I figure if it gets to big, I'll just block the whole class. What do I care if a whole country can't access my lil webserver? :)

Have you bothered to monitor your rules with ipfw -dt show, or by adding
a 'log' to your rules? That would give you a clue as to how effective
your deny rules are.


I've added a few friends static IPs and they weren't able to get any of the services my system runs. So,noy only is ssh blocked, everything is blocked.


Michael D. Whities


There are four colors of hats to watch for: Black, White, Grey, and Red.

The meanings are: Cracker, Hacker, Guru, and Victim.

[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to