Re: Adding network IP to hosts.deny

2004-10-11 Thread Subhro
The firewall would be definitely a better bet than hosts.deny.
If you are using ipfw you can simply add a couple of deny rules like:

ipfw add 100 deny all from 192.168.100.0/24 to me in

Regards
S.


On Mon, 11 Oct 2004 08:46:40 +0200, Pelle Andersson [EMAIL PROTECTED] wrote:
 
 Hi!
 
 I have a lot of login attempts from various networks and IP addresses
 on my FBSD 4.10 server. I have read the man pages for hosts.deny but
 do not understand how to add networks and IP addresses to it.
 
 Let's say I want to block the network address 192.168.100.0 and/or
 the IP address 192.168.135.77.
 
 What I understand is when using hosts.deny, I am stopping them totally
 from using any networking services, right?
 
 Would it be better to let the built-in firewall (/etc/rc.firewall)
 stop them? I have the firewall activated and have changed
 the port for example SSH to a higher one.
 
 Could someone please provide me with some examples on either using
 hosts.deny or the default firewall?
 
 A big thanks in advance,
 Best Regards Pelle
 
 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to [EMAIL PROTECTED]
 


-- 
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091
India


Re: Adding network IP to hosts.deny

2004-10-11 Thread Pelle Andersson
 
Thanks for your reply!

Does it matter where in the script I put this/these line/lines?
Must it be before or after any other rule?

Thanks

 The firewall would be definitely a better bet than hosts.deny.
 If you are using ipfw you can simply add a couple of deny rules like:

 ipfw add 100 deny all from 192.168.100.0/24 to me in

 Regards
 S.




Re: Adding network IP to hosts.deny

2004-10-11 Thread DanGer
Hello Subhro,

Monday, October 11, 2004, 11:32:13 AM, you wrote:

 The firewall would be definitely a better bet than hosts.deny.
 If you are using ipfw you can simply add a couple of deny rules like:

 ipfw add 100 deny all from 192.168.100.0/24 to me in

 Regards
 S.


 On Mon, 11 Oct 2004 08:46:40 +0200, Pelle Andersson [EMAIL PROTECTED] wrote:
 
 Hi!
 
 I have a lot of login attempts from various networks and IP addresses
 on my FBSD 4.10 server. I have read the man pages for hosts.deny but
 do not understand how to add networks and IP addresses to it.
 
 Let's say I want to block the network address 192.168.100.0 and/or
 the IP address 192.168.135.77.
 
 What I understand is when using hosts.deny, I am stopping them totally
 from using any networking services, right?
 
 Would it be better to let the built-in firewall (/etc/rc.firewall)
 stop them? I have the firewall activated and have changed
 the port for example SSH to a higher one.
 
 Could someone please provide me with some examples on either using
 hosts.deny or the default firewall?

You should try hosts.allow already. For example:

sshd : 192.168.135.77 : deny

 
 A big thanks in advance,
 Best Regards Pelle


-- 
Best regards

+--==/\/\==--+
| DanGer [EMAIL PROTECTED] |
| [EMAIL PROTECTED] ICQ261701668 |
| http://danger.homeunix.org |
+--==\/\/==--+



Re: Adding network IP to hosts.deny

2004-10-11 Thread Rob
Pelle Andersson wrote:

 Hi!
 I have a lot of login attempts from various networks and IP addresses
 on my FBSD 4.10 server. I have read the man pages for hosts.deny but
 do not understand how to add networks and IP addresses to it.
 Let's say I want to block the network address 192.168.100.0 and/or
 the IP address 192.168.135.77.

As far as I understood, the use of /etc/hosts.deny is (going to be?)
deprecated. Instead use deny rules in /etc/hosts.allow.
For example:

  ALL : 192.168.100.0 192.168.135.77 : deny

This does: for all services that are actually using the /etc/hosts.allow,
it will deny all access by these two IP numbers.

However, notice that there are services that do not use the hosts.allow,
and those won't be affected. So if you want a foolproof block of these
IP numbers, you better make a firewall rule to deny their access.

Rob.


Re: Adding network IP to hosts.deny

2004-10-11 Thread uidzero
Pelle Andersson wrote:
Hi!
I have a lot of login attempts from various networks and IP addresses
on my FBSD 4.10 server. I have read the man pages for hosts.deny but
do not understand how to add networks and IP addresses to it.
Let's say I want to block the network address 192.168.100.0 and/or
the IP address 192.168.135.77.
What I understand is when using hosts.deny, I am stopping them totally
from using any networking services, right?
Would it be better to let the built-in firewall (/etc/rc.firewall)
stop them? I have the firewall activated and have changed
the port for example SSH to a higher one.
Could someone please provide me with some examples on either using
hosts.deny or the default firewall?
A big thanks in advance,
Best Regards Pelle
 

I use /etc/rc.ipfw...
${fwcmd} add 300 deny IP from 24.19.0.105 to any
${fwcmd} add 301 deny IP from 24.79.68.179 to any
${fwcmd} add 400 deny IP from 61.100.180.125 to any
${fwcmd} add 401 deny IP from 61.206.125.28 to any
${fwcmd} add 402 deny IP from 61.211.239.236 to any
${fwcmd} add 500 deny IP from 63.144.19.6 to any
${fwcmd} add 501 deny IP from 64.246.20.123 to any
${fwcmd} add 502 deny IP from 66.223.46.129 to any
${fwcmd} add 503 deny IP from 67.81.127.99 to any
${fwcmd} add 600 deny IP from 81.223.99.90 to any
${fwcmd} add 700 deny IP from 140.112.124.123 to any
${fwcmd} add 701 deny IP from 159.226.2.161 to any
${fwcmd} add 702 deny IP from 163.25.65.3 to any
${fwcmd} add 703 deny IP from 193.145.87.3 to any
${fwcmd} add 800 deny IP from 202.57.191.179 to any
${fwcmd} add 801 deny IP from 202.226.185.150 to any
${fwcmd} add 810 deny IP from 203.71.62.9 to any
${fwcmd} add 113 deny IP from 203.98.166.25 to any
${fwcmd} add 812 deny IP from 203.115.96.151 to any
${fwcmd} add 813 deny IP from 203.169.248.5 to any
${fwcmd} add 814 deny IP from 203.186.157.37 to any
${fwcmd} add 830 deny IP from 205.209.141.50 to any
${fwcmd} add 870 deny IP from 209.88.93.138 to any
${fwcmd} add 871 deny IP from 209.172.103.235 to any
${fwcmd} add 880 deny IP from 210.204.129.11 to any
${fwcmd} add 890 deny IP from 211.60.219.250 to any
${fwcmd} add 891 deny IP from 211.221.246.28 to any
${fwcmd} add 892 deny IP from 211.251.71.2 to any
${fwcmd} add 893 deny IP from 211.252.9.126 to any
${fwcmd} add 940 deny IP from 216.29.112.126 to any
${fwcmd} add 950 deny IP from 217.172.182.148 to any
${fwcmd} add 960 deny IP from 218.21.129.105 to any
${fwcmd} add 961 deny IP from 218.49.183.17 to any
${fwcmd} add 962 deny IP from 218.102.19.78 to any
${fwcmd} add 963 deny IP from 218.237.66.152 to any
${fwcmd} add 970 deny IP from 220.64.223.249 to any
${fwcmd} add 971 deny IP from 220.73.215.151 to any
${fwcmd} add 980 deny IP from 221.3.131.80 to any
${fwcmd} add 981 deny IP from 221.12.11.118 to any
${fwcmd} add 982 deny IP from 222.56.118.124 to any
Is the list I have so far... I haven't added any (I'm sure I received
more attempts) since Friday... above this part, I have the rest of my
firewall script..

Hope this helps,
Michael
--
Michael D. Whities
[EMAIL PROTECTED]
http://www.one-arm.com
--
There are four colors of hats to watch for: 
Black, White, Grey, and Red.

The meanings are: 
Cracker, Hacker, Guru, and Victim.



Re: Adding network IP to hosts.deny

2004-10-11 Thread Rob
uidzero wrote:
Pelle Andersson wrote:
Hi!
I have a lot of login attempts from various networks and IP addresses
on my FBSD 4.10 server. I have read the man pages for hosts.deny but
do not understand how to add networks and IP addresses to it.
I use /etc/rc.ipfw...
  [...snip...]

I have attacks by similar IP numbers. However, I discovered
that these IP numbers are used only once to attack my PC.
Next attack will be from a different IP number. So adding the
IP numbers to your list each time after an attack, will make
your deny-list longer and longer, but won't make it more effective,
since it doesn't protect you against the attackers next attempts.
Unless, of course, someone is attacking again and again from the
same IP number; but that is not what I observe.
Rob.


Re: Adding network IP to hosts.deny

2004-10-11 Thread uidzero
Rob wrote:
uidzero wrote:
Pelle Andersson wrote:
Hi!
I have a lot of login attempts from various networks and IP addresses
on my FBSD 4.10 server. I have read the man pages for hosts.deny but
do not understand how to add networks and IP addresses to it.
I use /etc/rc.ipfw...
  [...snip...]

I have attacks by similar IP numbers. However, I discovered
that these IP numbers are used only once to attack my PC.
Next attack will be from a different IP number. So adding the
IP numbers to your list each time after an attack, will make
your deny-list longer and longer, but won't make it more effective,
since it doesn't protect you against the attackers next attempts.
Unless, of course, someone is attacking again and again from the
same IP number; but that is not what I observe.
Rob.

Actually, quite a few have attempted several times from the same IPs. I
figure if it gets too big, I'll just block the whole class. What do I
care if a whole country can't access my lil webserver? :)

Thanks for the comment.
Michael
--
Michael D. Whities
[EMAIL PROTECTED]
http://www.one-arm.com
--
There are four colors of hats to watch for: 
Black, White, Grey, and Red.

The meanings are: 
Cracker, Hacker, Guru, and Victim.



Re: Adding network IP to hosts.deny

2004-10-11 Thread Pelle Andersson
 
Thanks all for your replies!

Yes, the IP addresses are changing all the time. The pages I serve
are for one country only (.se) so I think I can block whole nets
without any problem. If the pages were international there would
be a problem, I think.

2 new questions.

1. Is it possible to block a whole network with IPFW?

Like this for example:
---
${fwcmd} add 961 deny IP from 192.168.100.0/24 to any
---

2. Do I also need to raise the number 961 by one in the above line for
each new rule-line I add?

In the meantime, I need/want/must learn IPFW =)

Thanks again,
Best regards


Re: Adding network IP to hosts.deny

2004-10-11 Thread Mark Frasa
- Forwarded message from Mark Frasa [EMAIL PROTECTED] -

From: Mark Frasa [EMAIL PROTECTED]
Subject: Re: Adding network  IP to hosts.deny
To: Pelle Andersson [EMAIL PROTECTED]
Reply-To: Mark Frasa [EMAIL PROTECTED]
Date: Mon, 11 Oct 2004 13:05:04 +0200
User-Agent: Mutt/1.5.6i
Message-ID: [EMAIL PROTECTED]

On 2004.10.11 12:53:20 +0200, Pelle Andersson wrote:
  
 Thanks all for your replies!

 Yes, the IP addresses are changing all the time. The pages I serve
 are for one country only (.se) so I think I can block whole nets
 without any problem. If the pages were international there would
 be a problem, I think.

 2 new questions.

 1. Is it possible to block a whole network with IPFW?

 Like this for example:
 ---
 ${fwcmd} add 961 deny IP from 192.168.100.0/24 to any
 ---

 2. Do I also need to raise the number 961 by one in the above line for
 each new rule-line I add?

 In the meantime, I need/want/must learn IPFW =)

 Thanks again,
 Best regards

Hi,

Q1  Yes, you can add like /24 behind the ip-address to specify a range.

Q2  The best thing is to raise the number for each rule, when you later

Re: Adding network IP to hosts.deny

2004-10-11 Thread Rob
uidzero wrote:
Rob wrote:
uidzero wrote:
Pelle Andersson wrote:
Hi!
I have a lot of login attempts from various networks and IP addresses
on my FBSD 4.10 server. I have read the man pages for hosts.deny but
do not understand how to add networks and IP addresses to it.
I use /etc/rc.ipfw...
${fwcmd} add 300 deny IP from 24.19.0.105 to any
${fwcmd} add 301 deny IP from 24.79.68.179 to any
${fwcmd} add 400 deny IP from 61.100.180.125 to any
${fwcmd} add 401 deny IP from 61.206.125.28 to any
  [...snip...]
${fwcmd} add 971 deny IP from 220.73.215.151 to any
${fwcmd} add 980 deny IP from 221.3.131.80 to any
${fwcmd} add 981 deny IP from 221.12.11.118 to any
${fwcmd} add 982 deny IP from 222.56.118.124 to any

I have attacks by similar IP numbers. However, I discovered
that these IP numbers are used only once to attack my PC.
Next attack will be from a different IP number. So adding the
IP numbers to your list each time after an attack, will make
your deny-list longer and longer, but won't make it more effective,
since it doesn't protect you against the attackers next attempts.
Unless, of course, someone is attacking again and again from the
same IP number; but that is not what I observe.
Rob.

Actually, quite a few have attempted several times from the same IPs. I
figure if it gets too big, I'll just block the whole class. What do I
care if a whole country can't access my lil webserver? :)

Have you bothered to monitor your rules with ipfw -dt show, or by adding
a 'log' to your rules? That would give you a clue as to how effective
your deny rules are.
Rob.


Re: Adding network IP to hosts.deny

2004-10-11 Thread uidzero
Rob wrote:
uidzero wrote:
Rob wrote:
uidzero wrote:
Pelle Andersson wrote:
Hi!
I have a lot of login attempts from various networks and IP addresses
on my FBSD 4.10 server. I have read the man pages for hosts.deny but
do not understand how to add networks and IP addresses to it.
I use /etc/rc.ipfw...
${fwcmd} add 300 deny IP from 24.19.0.105 to any
${fwcmd} add 301 deny IP from 24.79.68.179 to any
${fwcmd} add 400 deny IP from 61.100.180.125 to any
${fwcmd} add 401 deny IP from 61.206.125.28 to any

  [...snip...]
${fwcmd} add 971 deny IP from 220.73.215.151 to any
${fwcmd} add 980 deny IP from 221.3.131.80 to any
${fwcmd} add 981 deny IP from 221.12.11.118 to any
${fwcmd} add 982 deny IP from 222.56.118.124 to any


I have attacks by similar IP numbers. However, I discovered
that these IP numbers are used only once to attack my PC.
Next attack will be from a different IP number. So adding the
IP numbers to your list each time after an attack, will make
your deny-list longer and longer, but won't make it more effective,
since it doesn't protect you against the attackers next attempts.
Unless, of course, someone is attacking again and again from the
same IP number; but that is not what I observe.
Rob.

Actually, quite a few have attempted several times from the same IPs.
I figure if it gets too big, I'll just block the whole class. What do
I care if a whole country can't access my lil webserver? :)

Have you bothered to monitor your rules with ipfw -dt show, or by adding
a 'log' to your rules? That would give you a clue as to how effective
your deny rules are.
Rob.

I've added a few friends' static IPs and they weren't able to get any of
the services my system runs. So, not only is ssh blocked, everything is
blocked.

Michael
--
Michael D. Whities
[EMAIL PROTECTED]
http://www.one-arm.com
--
There are four colors of hats to watch for: 
Black, White, Grey, and Red.

The meanings are: 
Cracker, Hacker, Guru, and Victim.
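
The deny rules discussed in this thread, as an added example that is not from any of the posters: a dry-run sh script that turns one blocklist into numbered ipfw deny rules and an equivalent hosts.allow line. The blocklist contents, the start number 300, the step of 10 and all function names are assumptions; the two valid addresses are the ones from the original question.

```shell
#!/bin/sh
# Added example, not from any poster in the thread. Dry run by default:
# with fwcmd unset, the ipfw commands are printed instead of executed.
fwcmd="${fwcmd:-echo ipfw}"

# Constructed sample blocklist: the network and host from the original
# question plus one deliberately invalid entry.
sample_blocklist() {
    cat <<'EOF'
# one source per line: a.b.c.d or a.b.c.d/len
192.168.100.0/24
192.168.135.77
300.1.2.3
EOF
}

# valid_source SRC: succeed only for a.b.c.d or a.b.c.d/len (len 0..32).
valid_source() {
    case $1 in ''|*[!0-9./]*|.*|*..*|*.|*./*) return 1 ;; esac
    addr=${1%/*}; len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# cidr_to_mask LEN: prefix length -> dotted netmask (24 -> 255.255.255.0).
cidr_to_mask() {
    bits=$1; mask=
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then
            o=255; bits=$((bits - 8))
        else
            o=$((256 - (1 << (8 - bits)))); bits=0
        fi
        mask="${mask}${mask:+.}$o"
    done
    echo "$mask"
}

# gen_ipfw_rules START STEP <blocklist: one deny rule per valid entry.
# ipfw checks rules in ascending number order and the first match wins, so
# START must be below any rule that would otherwise accept the traffic.
# Distinct numbers let a single entry be removed later with "ipfw delete N".
gen_ipfw_rules() {
    num=$1; step=$2
    while read -r src rest; do
        case $src in ''|'#'*) continue ;; esac
        if ! valid_source "$src"; then
            echo "skipping invalid entry: $src" >&2
            continue
        fi
        # "log" (suggested in the thread) records hits when ipfw logging is on.
        $fwcmd add "$num" deny log ip from "$src" to any
        num=$((num + step))
    done
    return 0
}

# gen_hosts_allow_line <blocklist: one "ALL : ... : deny" line.
# In hosts_access(5) a bare address matches only that one host; a network
# is written net/mask, so a /len entry is converted to that form.
gen_hosts_allow_line() {
    pats=
    while read -r src rest; do
        case $src in ''|'#'*) continue ;; esac
        valid_source "$src" || continue
        case $src in
            */32) pat=${src%/*} ;;
            */*)  pat="${src%/*}/$(cidr_to_mask "${src#*/}")" ;;
            *)    pat=$src ;;
        esac
        pats="${pats}${pats:+ }$pat"
    done
    [ -z "$pats" ] || echo "ALL : $pats : deny"
}

# Stand-alone run: print both forms for the sample list.
sample_blocklist | gen_ipfw_rules 300 10
sample_blocklist | gen_hosts_allow_line
```

Setting fwcmd to the real ipfw path before running applies the rules instead of printing them.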
