Rob wrote:

uidzero wrote:

Rob wrote:

uidzero wrote:

Pelle Andersson wrote:

Hi!

I have a lot of login attempts from various networks and IP addresses
on my FBSD 4.10 server. I have read the man pages for hosts.deny but
do not understand how to add networks and IP addresses to it.


I use "/etc/rc.ipfw"...


${fwcmd} add 300 deny IP from 24.19.0.105 to any ${fwcmd} add 301 deny IP from 24.79.68.179 to any ${fwcmd} add 400 deny IP from 61.100.180.125 to any ${fwcmd} add 401 deny IP from 61.206.125.28 to any

  [...snip...]

${fwcmd} add 971 deny IP from 220.73.215.151 to any
${fwcmd} add 980 deny IP from 221.3.131.80 to any
${fwcmd} add 981 deny IP from 221.12.11.118 to any
${fwcmd} add 982 deny IP from 222.56.118.124 to any




I have attacks by similar IP numbers. However, I discovered
that these IP numbers are used only once to attack my PC.
Next attack will be from a different IP number. So adding the
IP numbers to your list each time after an attack, will make
your deny-list longer and longer, but won't make it more effective,
since it doesn't protect you against the attackers next attempts.

Unless, of course, someone is attacking again and again from the
same IP number; but that is not what I observe.

Rob.



Actually, quite a few has attempted several times from the same IPs. I figure if it gets to big, I'll just block the whole class. What do I care if a whole country can't access my lil webserver? :)


Have you bothered to monitor your rules with ipfw -dt show, or by adding
a 'log' to your rules? That would give you a clue as to how effective
your deny rules are.

Rob.



I've added a few friends static IPs and they weren't able to get any of the services my system runs. So,noy only is ssh blocked, everything is blocked.


Michael

--
Michael D. Whities
[EMAIL PROTECTED]
http://www.one-arm.com

--

There are four colors of hats to watch for: Black, White, Grey, and Red.

The meanings are: Cracker, Hacker, Guru, and Victim.

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to