guys, i still don't understand why the server would then block the entire orange IP range, because what happens is all our clients that happen to use orange get blocked, and anyone else who tries to access a site off that server also gets blocked.
i don't believe its due to our brute force blacklister or deny system. we have always had that in place and in any case then all our servers would be affected, not just the one. unfortunately, the Orange tech guys am talking to still don't seem to get the problem -- Jason Kinene Ssemakula Customer Support Node Six Elemental Edge +256752956585 +256414376419 www.nodesix.com www.elementaledge.com > Send LUG mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://kym.net/mailman/listinfo/lug > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of LUG digest..." > > > Today's Topics: > > 1. Re: Orange ISP issues (David Gelvin) > 2. Re: Orange ISP issues ([email protected]) > 3. Re: Orange ISP issues (Reinier Battenberg) > 4. Re: geek's desktop Linux system? (Peter C. Ndikuwera) > 5. Re: geek's desktop Linux system? (Peter C. Ndikuwera) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 23 Mar 2011 15:02:32 +0300 > From: David Gelvin <[email protected]> > To: Linux Users Group Uganda <[email protected]> > Subject: Re: [LUG] Orange ISP issues > Message-ID: > <[email protected]> > Content-Type: text/plain; charset="iso-8859-1" > >> >> >> Agree. That host most probably runs an implementation of tcpwrappers. I >> tested this by attempting an ssh connection. >> hari@hari-UL30A ~ $ ssh [email protected] >> I was blocked after 6 attempts and I can no longer ping that IP address. >> >> My guess is that each time you reboot your orange modem, it works >> because >> you get a new public IP address. >> >> I would check the /etc/hosts.deny file on the server for blocked IP >> addresses. >> >> > Yup, they have some sort of brute-force blacklister (denyhosts, or > something > similar). I just did a few unsuccessful login attempts to the neighboring > IP (96.30.62.147), and now I can't get access via http or ping (I was > previously able to). > > All I would have to do is keep reconnecting to Orange to get different > outgoing IP addresses, do a few more unsuccessful login attempts, and > voil?- > the situation would be replicated: that host would be inaccessible to > those > Orange IPs. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://kym.net/pipermail/lug/attachments/20110323/2b29b837/attachment.html> > > ------------------------------ > > Message: 2 > Date: Wed, 23 Mar 2011 05:26:57 -0700 > From: <[email protected]> > To: "Uganda Linux User Group" <[email protected]> > Subject: Re: [LUG] Orange ISP issues > Message-ID: > > <20110323052657.bcdd5b9fe90e501e540d915e9e4a2cf2.7930f5b62d....@email17.secureserver.net> > > Content-Type: text/plain; charset="utf-8" > > >> > 1. That host has some active filter / configuration that is >> filtering >> > Orange IP addresses. >> > >> > >> Agree. That host most probably runs an implementation of tcpwrappers. I >> tested this by attempting an ssh connection. >> hari@hari-UL30A ~ $ ssh [email protected] >> I was blocked after 6 attempts and I can no longer ping that IP address. >> >> My guess is that each time you reboot your orange modem, it works >> because >> you get a new public IP address. > > the entire orange 3g userbase is nat'ted behind 1 (public) ip address. > (from my experience) > > eb > > > > ------------------------------ > > Message: 3 > Date: Wed, 23 Mar 2011 15:30:08 +0300 > From: Reinier Battenberg <[email protected]> > To: Uganda Linux User Group <[email protected]> > Subject: Re: [LUG] Orange ISP issues > Message-ID: <[email protected]> > Content-Type: text/plain; charset="iso-8859-15" > > Hi, > > We use fail2ban to do that trick. > > fail2ban scans your logfiles for failing logins (on different protocols, > its > pretty flexible, with a bit of magic, you could make it work for Drupal > too, i > guess) > > Once an IP passes a threshold for failed logins, a firewall rule is > created > that blocks the IP. > > Its configurable how long that firewall rule stays active. > > > -- > rgds, > > Reinier Battenberg > Director > Mountbatten Ltd. > +256 758 801 749 > www.mountbatten.net > > > > On Wednesday 23 March 2011 15:02:32 David Gelvin wrote: >> > Agree. That host most probably runs an implementation of tcpwrappers. >> I >> > tested this by attempting an ssh connection. >> > hari@hari-UL30A ~ $ ssh [email protected] >> > I was blocked after 6 attempts and I can no longer ping that IP >> address. >> > >> > My guess is that each time you reboot your orange modem, it works >> because >> > you get a new public IP address. >> > >> > I would check the /etc/hosts.deny file on the server for blocked IP >> > addresses. >> >> Yup, they have some sort of brute-force blacklister (denyhosts, or >> something similar). I just did a few unsuccessful login attempts to the >> neighboring IP (96.30.62.147), and now I can't get access via http or >> ping >> (I was previously able to). >> >> All I would have to do is keep reconnecting to Orange to get different >> outgoing IP addresses, do a few more unsuccessful login attempts, and >> voil?- the situation would be replicated: that host would be >> inaccessible >> to those Orange IPs. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://kym.net/pipermail/lug/attachments/20110323/60d4769c/attachment.html> > > ------------------------------ > > Message: 4 > Date: Wed, 23 Mar 2011 17:49:01 +0300 > From: "Peter C. Ndikuwera" <[email protected]> > To: Uganda Linux User Group <[email protected]> > Cc: joachim Gwoke <[email protected]> > Subject: Re: [LUG] geek's desktop Linux system? > Message-ID: > <[email protected]> > Content-Type: text/plain; charset="utf-8" > > SUSE Studio allows you to create a completely customized distribution. You > can choose packages to install, add your own packages, create database, > create users, then *boot* into the system using your browser, and do > further > customization. > > Then, every so often, you can tell it to automatically upgrade all > packages, > then roll several different flavors of your system: bootable LiveDVD, > bootable USB image, VMWare appliance, etc. > > You should take a look at it. It's pretty amazing. > > I guarantee I could do an "Ultimate SUSE" in a day using SUSE Studio! > > Peter > > "Happiness makes up in height what it lacks in length" > -- Robert Frost > > > On 23 March 2011 14:37, joachim Gwoke <[email protected]> wrote: > >> Peter, >> Ultimate is ubuntu with a lot of added programs and customisations. I >> don't >> think SuseStudio allows all those customisations without some kind of >> paid >> subscription. I doubt there is anything out there that allows you >> automate >> something like ultimate. The alternative would be painstaking. >> >> >> regards >> Joachim >> >> >> >> _______________________________________________ >> The Uganda Linux User Group: http://linux.or.ug >> >> Send messages to this mailing list by addressing e-mails to: >> [email protected] >> Mailing list archives: http://www.mail-archive.com/[email protected]/ >> Mailing list settings: http://kym.net/mailman/listinfo/lug >> To unsubscribe: http://kym.net/mailman/options/lug >> >> The Uganda LUG mailing list is generously hosted by INFOCOM: >> http://www.infocom.co.ug/ >> >> The above comments and data are owned by whoever posted them (including >> attachments if any). The mailing list host is not responsible for them >> in >> any way. >> > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://kym.net/pipermail/lug/attachments/20110323/4a142a8f/attachment.html> > > ------------------------------ > > Message: 5 > Date: Wed, 23 Mar 2011 17:53:49 +0300 > From: "Peter C. Ndikuwera" <[email protected]> > To: Uganda Linux User Group <[email protected]> > Cc: joachim Gwoke <[email protected]> > Subject: Re: [LUG] geek's desktop Linux system? > Message-ID: > <[email protected]> > Content-Type: text/plain; charset="utf-8" > > Check out some of the things SUSE Studio can let you do: > > http://www.novell.com/promo/suse/the-disters-contest-winners.html > > P. > > "Happiness makes up in height what it lacks in length" > -- Robert Frost > > > On 23 March 2011 17:49, Peter C. Ndikuwera <[email protected]> wrote: > >> SUSE Studio allows you to create a completely customized distribution. >> You >> can choose packages to install, add your own packages, create database, >> create users, then *boot* into the system using your browser, and do >> further customization. >> >> Then, every so often, you can tell it to automatically upgrade all >> packages, then roll several different flavors of your system: bootable >> LiveDVD, bootable USB image, VMWare appliance, etc. >> >> You should take a look at it. It's pretty amazing. >> >> I guarantee I could do an "Ultimate SUSE" in a day using SUSE Studio! >> >> Peter >> >> "Happiness makes up in height what it lacks in length" >> -- Robert Frost >> >> >> >> On 23 March 2011 14:37, joachim Gwoke <[email protected]> wrote: >> >>> Peter, >>> Ultimate is ubuntu with a lot of added programs and customisations. I >>> don't think SuseStudio allows all those customisations without some >>> kind of >>> paid subscription. I doubt there is anything out there that allows you >>> automate something like ultimate. The alternative would be painstaking. >>> >>> >>> regards >>> Joachim >>> >>> >>> >>> _______________________________________________ >>> The Uganda Linux User Group: http://linux.or.ug >>> >>> Send messages to this mailing list by addressing e-mails to: >>> [email protected] >>> Mailing list archives: http://www.mail-archive.com/[email protected]/ >>> Mailing list settings: http://kym.net/mailman/listinfo/lug >>> To unsubscribe: http://kym.net/mailman/options/lug >>> >>> The Uganda LUG mailing list is generously hosted by INFOCOM: >>> http://www.infocom.co.ug/ >>> >>> The above comments and data are owned by whoever posted them (including >>> attachments if any). The mailing list host is not responsible for them >>> in >>> any way. >>> >> >> > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://kym.net/pipermail/lug/attachments/20110323/aef85f84/attachment.html> > > ------------------------------ > > _______________________________________________ > The Uganda Linux User Group: http://linux.or.ug > > Send messages to this mailing list by addressing e-mails to: > [email protected] > Mailing list archives: http://www.mail-archive.com/[email protected]/ > Mailing list settings: http://kym.net/mailman/listinfo/lug > To unsubscribe: http://kym.net/mailman/options/lug > > The Uganda LUG mailing list is generously hosted by INFOCOM: > http://www.infocom.co.ug/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The mailing list host is not responsible for them in > any way. > > End of LUG Digest, Vol 79, Issue 50 > *********************************** > _______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
