Re: Adding network IP to hosts.deny
The firewall would be definitely a better bet than host.deny. If you are using ipfw you can simply add a couple of deny rules like: ipfw add 100 deny all from 192.168.100.0/24 to me in Regards S. On Mon, 11 Oct 2004 08:46:40 +0200, Pelle Andersson [EMAIL PROTECTED] wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. Let's say I want to block the network address 192.168.100.0 and/or the IP address 192.168.135.77. What I understand is when using hosts.deny, I stopping them totally from using any networking services, right? Would it be better to let the built-in firewall (/etc/rc.firewall) to stopping them? I have the firewall activated and have changed the port for example SSH to a higher one. Could someone please provide me with some examples on either using hosts.deny or the default firewall? A big thanks in advance, Best Regards Pelle ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Subhro Sankha Kar School of Information Technology Block AQ-13/1 Sector V ZIP 700091 India ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
Thanks for your reply! Does it matter where in the script I put this/these line/lines? Must it be before or after any other rule? Thanks The firewall would be definitely a better bet than host.deny. If you are using ipfw you can simply add a couple of deny rules like: ipfw add 100 deny all from 192.168.100.0/24 to me in Regards S. On Mon, 11 Oct 2004 08:46:40 +0200, Pelle Andersson [EMAIL PROTECTED] wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. Let's say I want to block the network address 192.168.100.0 and/or the IP address 192.168.135.77. What I understand is when using hosts.deny, I stopping them totally from using any networking services, right? Would it be better to let the built-in firewall (/etc/rc.firewall) to stopping them? I have the firewall activated and have changed the port for example SSH to a higher one. Could someone please provide me with some examples on either using hosts.deny or the default firewall? A big thanks in advance, Best Regards Pelle ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- Subhro Sankha Kar School of Information Technology Block AQ-13/1 Sector V ZIP 700091 India ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
Hello Subhro, Monday, October 11, 2004, 11:32:13 AM, you wrote: The firewall would be definitely a better bet than host.deny. If you are using ipfw you can simply add a couple of deny rules like: ipfw add 100 deny all from 192.168.100.0/24 to me in Regards S. On Mon, 11 Oct 2004 08:46:40 +0200, Pelle Andersson [EMAIL PROTECTED] wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. Let's say I want to block the network address 192.168.100.0 and/or the IP address 192.168.135.77. What I understand is when using hosts.deny, I stopping them totally from using any networking services, right? Would it be better to let the built-in firewall (/etc/rc.firewall) to stopping them? I have the firewall activated and have changed the port for example SSH to a higher one. Could someone please provide me with some examples on either using hosts.deny or the default firewall? you should try hosts.allow alrady. for example: sshd : 192.168.135.77 : deny A big thanks in advance, Best Regards Pelle -- Best regards +--==/\/\==--+ | DanGer [EMAIL PROTECTED] | | [EMAIL PROTECTED] ICQ261701668 | | http://danger.homeunix.org | +--==\/\/==--+ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
Pelle Andersson wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. Let's say I want to block the network address 192.168.100.0 and/or the IP address 192.168.135.77. As far as I understood, the use of /etc/hosts.deny is (going to be?) depreciated. Instead use deny rules in /etc/hosts.allow. For example: ALL : 192.168.100.0 192.168.135.77 : deny This does: for all services that actually using the /etc/hosts.allow, it will deny all access by these two IP numbers. However, notice that there are services that do not use the hosts.allow, and those won't be affected. So if you want a full proof block of these IP numbers, you better make a firewall rule to deny their access. Rob. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
Pelle Andersson wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. Let's say I want to block the network address 192.168.100.0 and/or the IP address 192.168.135.77. What I understand is when using hosts.deny, I stopping them totally from using any networking services, right? Would it be better to let the built-in firewall (/etc/rc.firewall) to stopping them? I have the firewall activated and have changed the port for example SSH to a higher one. Could someone please provide me with some examples on either using hosts.deny or the default firewall? A big thanks in advance, Best Regards Pelle ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I use /etc/rc.ipfw... ${fwcmd} add 300 deny IP from 24.19.0.105 to any ${fwcmd} add 301 deny IP from 24.79.68.179 to any ${fwcmd} add 400 deny IP from 61.100.180.125 to any ${fwcmd} add 401 deny IP from 61.206.125.28 to any ${fwcmd} add 402 deny IP from 61.211.239.236 to any ${fwcmd} add 500 deny IP from 63.144.19.6 to any ${fwcmd} add 501 deny IP from 64.246.20.123 to any ${fwcmd} add 502 deny IP from 66.223.46.129 to any ${fwcmd} add 503 deny IP from 67.81.127.99 to any ${fwcmd} add 600 deny IP from 81.223.99.90 to any ${fwcmd} add 700 deny IP from 140.112.124.123 to any ${fwcmd} add 701 deny IP from 159.226.2.161 to any ${fwcmd} add 702 deny IP from 163.25.65.3 to any ${fwcmd} add 703 deny IP from 193.145.87.3 to any ${fwcmd} add 800 deny IP from 202.57.191.179 to any ${fwcmd} add 801 deny IP from 202.226.185.150 to any ${fwcmd} add 810 deny IP from 203.71.62.9 to any ${fwcmd} add 113 deny IP from 203.98.166.25 to any ${fwcmd} add 812 deny IP from 203.115.96.151 to any ${fwcmd} add 813 deny IP from 203.169.248.5 to any ${fwcmd} add 814 deny IP from 203.186.157.37 to any ${fwcmd} add 830 deny IP from 205.209.141.50 to any ${fwcmd} add 870 deny IP from 209.88.93.138 to any ${fwcmd} add 871 deny IP from 209.172.103.235 to any ${fwcmd} add 880 deny IP from 210.204.129.11 to any ${fwcmd} add 890 deny IP from 211.60.219.250 to any ${fwcmd} add 891 deny IP from 211.221.246.28 to any ${fwcmd} add 892 deny IP from 211.251.71.2 to any ${fwcmd} add 893 deny IP from 211.252.9.126 to any ${fwcmd} add 940 deny IP from 216.29.112.126 to any ${fwcmd} add 950 deny IP from 217.172.182.148 to any ${fwcmd} add 960 deny IP from 218.21.129.105 to any ${fwcmd} add 961 deny IP from 218.49.183.17 to any ${fwcmd} add 962 deny IP from 218.102.19.78 to any ${fwcmd} add 963 deny IP from 218.237.66.152 to any ${fwcmd} add 970 deny IP from 220.64.223.249 to any ${fwcmd} add 971 deny IP from 220.73.215.151 to any ${fwcmd} add 980 deny IP from 221.3.131.80 to any ${fwcmd} add 981 deny IP from 221.12.11.118 to any ${fwcmd} add 982 deny IP from 222.56.118.124 to any Is th list I have so far... I haven't added any (I'm sure I received more attempts) since Friday... above this part, I have the rest of my firewall script.. Hopethis helps, Michael -- Michael D. Whities [EMAIL PROTECTED] http://www.one-arm.com -- There are four colors of hats to watch for: Black, White, Grey, and Red. The meanings are: Cracker, Hacker, Guru, and Victim. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
uidzero wrote: Pelle Andersson wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. I use /etc/rc.ipfw... ${fwcmd} add 300 deny IP from 24.19.0.105 to any ${fwcmd} add 301 deny IP from 24.79.68.179 to any ${fwcmd} add 400 deny IP from 61.100.180.125 to any ${fwcmd} add 401 deny IP from 61.206.125.28 to any ${fwcmd} add 402 deny IP from 61.211.239.236 to any ${fwcmd} add 500 deny IP from 63.144.19.6 to any ${fwcmd} add 501 deny IP from 64.246.20.123 to any ${fwcmd} add 502 deny IP from 66.223.46.129 to any ${fwcmd} add 503 deny IP from 67.81.127.99 to any ${fwcmd} add 600 deny IP from 81.223.99.90 to any ${fwcmd} add 700 deny IP from 140.112.124.123 to any ${fwcmd} add 701 deny IP from 159.226.2.161 to any ${fwcmd} add 702 deny IP from 163.25.65.3 to any ${fwcmd} add 703 deny IP from 193.145.87.3 to any ${fwcmd} add 800 deny IP from 202.57.191.179 to any ${fwcmd} add 801 deny IP from 202.226.185.150 to any ${fwcmd} add 810 deny IP from 203.71.62.9 to any ${fwcmd} add 113 deny IP from 203.98.166.25 to any ${fwcmd} add 812 deny IP from 203.115.96.151 to any ${fwcmd} add 813 deny IP from 203.169.248.5 to any ${fwcmd} add 814 deny IP from 203.186.157.37 to any ${fwcmd} add 830 deny IP from 205.209.141.50 to any ${fwcmd} add 870 deny IP from 209.88.93.138 to any ${fwcmd} add 871 deny IP from 209.172.103.235 to any ${fwcmd} add 880 deny IP from 210.204.129.11 to any ${fwcmd} add 890 deny IP from 211.60.219.250 to any ${fwcmd} add 891 deny IP from 211.221.246.28 to any ${fwcmd} add 892 deny IP from 211.251.71.2 to any ${fwcmd} add 893 deny IP from 211.252.9.126 to any ${fwcmd} add 940 deny IP from 216.29.112.126 to any ${fwcmd} add 950 deny IP from 217.172.182.148 to any ${fwcmd} add 960 deny IP from 218.21.129.105 to any ${fwcmd} add 961 deny IP from 218.49.183.17 to any ${fwcmd} add 962 deny IP from 218.102.19.78 to any ${fwcmd} add 963 deny IP from 218.237.66.152 to any ${fwcmd} add 970 deny IP from 220.64.223.249 to any ${fwcmd} add 971 deny IP from 220.73.215.151 to any ${fwcmd} add 980 deny IP from 221.3.131.80 to any ${fwcmd} add 981 deny IP from 221.12.11.118 to any ${fwcmd} add 982 deny IP from 222.56.118.124 to any I have attacks by similar IP numbers. However, I discovered that these IP numbers are used only once to attack my PC. Next attack will be from a different IP number. So adding the IP numbers to your list each time after an attack, will make your deny-list longer and longer, but won't make it more effective, since it doesn't protect you against the attackers next attempts. Unless, of course, someone is attacking again and again from the same IP number; but that is not what I observe. Rob. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
Rob wrote: uidzero wrote: Pelle Andersson wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. I use /etc/rc.ipfw... ${fwcmd} add 300 deny IP from 24.19.0.105 to any ${fwcmd} add 301 deny IP from 24.79.68.179 to any ${fwcmd} add 400 deny IP from 61.100.180.125 to any ${fwcmd} add 401 deny IP from 61.206.125.28 to any ${fwcmd} add 402 deny IP from 61.211.239.236 to any ${fwcmd} add 500 deny IP from 63.144.19.6 to any ${fwcmd} add 501 deny IP from 64.246.20.123 to any ${fwcmd} add 502 deny IP from 66.223.46.129 to any ${fwcmd} add 503 deny IP from 67.81.127.99 to any ${fwcmd} add 600 deny IP from 81.223.99.90 to any ${fwcmd} add 700 deny IP from 140.112.124.123 to any ${fwcmd} add 701 deny IP from 159.226.2.161 to any ${fwcmd} add 702 deny IP from 163.25.65.3 to any ${fwcmd} add 703 deny IP from 193.145.87.3 to any ${fwcmd} add 800 deny IP from 202.57.191.179 to any ${fwcmd} add 801 deny IP from 202.226.185.150 to any ${fwcmd} add 810 deny IP from 203.71.62.9 to any ${fwcmd} add 113 deny IP from 203.98.166.25 to any ${fwcmd} add 812 deny IP from 203.115.96.151 to any ${fwcmd} add 813 deny IP from 203.169.248.5 to any ${fwcmd} add 814 deny IP from 203.186.157.37 to any ${fwcmd} add 830 deny IP from 205.209.141.50 to any ${fwcmd} add 870 deny IP from 209.88.93.138 to any ${fwcmd} add 871 deny IP from 209.172.103.235 to any ${fwcmd} add 880 deny IP from 210.204.129.11 to any ${fwcmd} add 890 deny IP from 211.60.219.250 to any ${fwcmd} add 891 deny IP from 211.221.246.28 to any ${fwcmd} add 892 deny IP from 211.251.71.2 to any ${fwcmd} add 893 deny IP from 211.252.9.126 to any ${fwcmd} add 940 deny IP from 216.29.112.126 to any ${fwcmd} add 950 deny IP from 217.172.182.148 to any ${fwcmd} add 960 deny IP from 218.21.129.105 to any ${fwcmd} add 961 deny IP from 218.49.183.17 to any ${fwcmd} add 962 deny IP from 218.102.19.78 to any ${fwcmd} add 963 deny IP from 218.237.66.152 to any ${fwcmd} add 970 deny IP from 220.64.223.249 to any ${fwcmd} add 971 deny IP from 220.73.215.151 to any ${fwcmd} add 980 deny IP from 221.3.131.80 to any ${fwcmd} add 981 deny IP from 221.12.11.118 to any ${fwcmd} add 982 deny IP from 222.56.118.124 to any I have attacks by similar IP numbers. However, I discovered that these IP numbers are used only once to attack my PC. Next attack will be from a different IP number. So adding the IP numbers to your list each time after an attack, will make your deny-list longer and longer, but won't make it more effective, since it doesn't protect you against the attackers next attempts. Unless, of course, someone is attacking again and again from the same IP number; but that is not what I observe. Rob. Actually, quite a few has attempted several times from the same IPs. I figure if it gets to big, I'll just block the whole class. What do I care if a whole country can't access my lil webserver? :) Thanks for the comment. Michael -- Michael D. Whities [EMAIL PROTECTED] http://www.one-arm.com -- There are four colors of hats to watch for: Black, White, Grey, and Red. The meanings are: Cracker, Hacker, Guru, and Victim. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
Thanks all for you replys! Yes the IP addresses is changing all the time. The pages I serve are for one country only (.se) so I think I can block whole nets without any problem. If the pages where International there would be a problem I think. 2 new questions. 1. Is it possible to block a whole network with IPFW? Like this for example: --- ${fwcmd} add 961 deny IP from 192.168.100.0/24 to any --- 2. Do I also need to raise the number 961 by one in the above line for each new rule-line I add? In the meantime, I need/want/must to learn IPFW =) Thank again, Best regards Rob wrote: uidzero wrote: Pelle Andersson wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. I use /etc/rc.ipfw... ${fwcmd} add 300 deny IP from 24.19.0.105 to any ${fwcmd} add 301 deny IP from 24.79.68.179 to any ${fwcmd} add 400 deny IP from 61.100.180.125 to any ${fwcmd} add 401 deny IP from 61.206.125.28 to any ${fwcmd} add 402 deny IP from 61.211.239.236 to any ${fwcmd} add 500 deny IP from 63.144.19.6 to any ${fwcmd} add 501 deny IP from 64.246.20.123 to any ${fwcmd} add 502 deny IP from 66.223.46.129 to any ${fwcmd} add 503 deny IP from 67.81.127.99 to any ${fwcmd} add 600 deny IP from 81.223.99.90 to any ${fwcmd} add 700 deny IP from 140.112.124.123 to any ${fwcmd} add 701 deny IP from 159.226.2.161 to any ${fwcmd} add 702 deny IP from 163.25.65.3 to any ${fwcmd} add 703 deny IP from 193.145.87.3 to any ${fwcmd} add 800 deny IP from 202.57.191.179 to any ${fwcmd} add 801 deny IP from 202.226.185.150 to any ${fwcmd} add 810 deny IP from 203.71.62.9 to any ${fwcmd} add 113 deny IP from 203.98.166.25 to any ${fwcmd} add 812 deny IP from 203.115.96.151 to any ${fwcmd} add 813 deny IP from 203.169.248.5 to any ${fwcmd} add 814 deny IP from 203.186.157.37 to any ${fwcmd} add 830 deny IP from 205.209.141.50 to any ${fwcmd} add 870 deny IP from 209.88.93.138 to any ${fwcmd} add 871 deny IP from 209.172.103.235 to any ${fwcmd} add 880 deny IP from 210.204.129.11 to any ${fwcmd} add 890 deny IP from 211.60.219.250 to any ${fwcmd} add 891 deny IP from 211.221.246.28 to any ${fwcmd} add 892 deny IP from 211.251.71.2 to any ${fwcmd} add 893 deny IP from 211.252.9.126 to any ${fwcmd} add 940 deny IP from 216.29.112.126 to any ${fwcmd} add 950 deny IP from 217.172.182.148 to any ${fwcmd} add 960 deny IP from 218.21.129.105 to any ${fwcmd} add 961 deny IP from 218.49.183.17 to any ${fwcmd} add 962 deny IP from 218.102.19.78 to any ${fwcmd} add 963 deny IP from 218.237.66.152 to any ${fwcmd} add 970 deny IP from 220.64.223.249 to any ${fwcmd} add 971 deny IP from 220.73.215.151 to any ${fwcmd} add 980 deny IP from 221.3.131.80 to any ${fwcmd} add 981 deny IP from 221.12.11.118 to any ${fwcmd} add 982 deny IP from 222.56.118.124 to any I have attacks by similar IP numbers. However, I discovered that these IP numbers are used only once to attack my PC. Next attack will be from a different IP number. So adding the IP numbers to your list each time after an attack, will make your deny-list longer and longer, but won't make it more effective, since it doesn't protect you against the attackers next attempts. Unless, of course, someone is attacking again and again from the same IP number; but that is not what I observe. Rob. Actually, quite a few has attempted several times from the same IPs. I figure if it gets to big, I'll just block the whole class. What do I care if a whole country can't access my lil webserver? :) Thanks for the comment. Michael -- Michael D. Whities [EMAIL PROTECTED] http://www.one-arm.com -- There are four colors of hats to watch for: Black, White, Grey, and Red. The meanings are: Cracker, Hacker, Guru, and Victim. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
- Forwarded message from Mark Frasa [EMAIL PROTECTED] - From: Mark Frasa [EMAIL PROTECTED] Subject: Re: Adding network IP to hosts.deny To: Pelle Andersson [EMAIL PROTECTED] Reply-To: Mark Frasa [EMAIL PROTECTED] Date: Mon, 11 Oct 2004 13:05:04 +0200 User-Agent: Mutt/1.5.6i Message-ID: [EMAIL PROTECTED] On 2004.10.11 12:53:20 +0200, Pelle Andersson wrote: Thanks all for you replys! Yes the IP addresses is changing all the time. The pages I serve are for one country only (.se) so I think I can block whole nets without any problem. If the pages where International there would be a problem I think. 2 new questions. 1. Is it possible to block a whole network with IPFW? Like this for example: --- ${fwcmd} add 961 deny IP from 192.168.100.0/24 to any --- 2. Do I also need to raise the number 961 by one in the above line for each new rule-line I add? In the meantime, I need/want/must to learn IPFW =) Thank again, Best regards Rob wrote: uidzero wrote: Pelle Andersson wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. I use /etc/rc.ipfw... ${fwcmd} add 300 deny IP from 24.19.0.105 to any ${fwcmd} add 301 deny IP from 24.79.68.179 to any ${fwcmd} add 400 deny IP from 61.100.180.125 to any ${fwcmd} add 401 deny IP from 61.206.125.28 to any ${fwcmd} add 402 deny IP from 61.211.239.236 to any ${fwcmd} add 500 deny IP from 63.144.19.6 to any ${fwcmd} add 501 deny IP from 64.246.20.123 to any ${fwcmd} add 502 deny IP from 66.223.46.129 to any ${fwcmd} add 503 deny IP from 67.81.127.99 to any ${fwcmd} add 600 deny IP from 81.223.99.90 to any ${fwcmd} add 700 deny IP from 140.112.124.123 to any ${fwcmd} add 701 deny IP from 159.226.2.161 to any ${fwcmd} add 702 deny IP from 163.25.65.3 to any ${fwcmd} add 703 deny IP from 193.145.87.3 to any ${fwcmd} add 800 deny IP from 202.57.191.179 to any ${fwcmd} add 801 deny IP from 202.226.185.150 to any ${fwcmd} add 810 deny IP from 203.71.62.9 to any ${fwcmd} add 113 deny IP from 203.98.166.25 to any ${fwcmd} add 812 deny IP from 203.115.96.151 to any ${fwcmd} add 813 deny IP from 203.169.248.5 to any ${fwcmd} add 814 deny IP from 203.186.157.37 to any ${fwcmd} add 830 deny IP from 205.209.141.50 to any ${fwcmd} add 870 deny IP from 209.88.93.138 to any ${fwcmd} add 871 deny IP from 209.172.103.235 to any ${fwcmd} add 880 deny IP from 210.204.129.11 to any ${fwcmd} add 890 deny IP from 211.60.219.250 to any ${fwcmd} add 891 deny IP from 211.221.246.28 to any ${fwcmd} add 892 deny IP from 211.251.71.2 to any ${fwcmd} add 893 deny IP from 211.252.9.126 to any ${fwcmd} add 940 deny IP from 216.29.112.126 to any ${fwcmd} add 950 deny IP from 217.172.182.148 to any ${fwcmd} add 960 deny IP from 218.21.129.105 to any ${fwcmd} add 961 deny IP from 218.49.183.17 to any ${fwcmd} add 962 deny IP from 218.102.19.78 to any ${fwcmd} add 963 deny IP from 218.237.66.152 to any ${fwcmd} add 970 deny IP from 220.64.223.249 to any ${fwcmd} add 971 deny IP from 220.73.215.151 to any ${fwcmd} add 980 deny IP from 221.3.131.80 to any ${fwcmd} add 981 deny IP from 221.12.11.118 to any ${fwcmd} add 982 deny IP from 222.56.118.124 to any I have attacks by similar IP numbers. However, I discovered that these IP numbers are used only once to attack my PC. Next attack will be from a different IP number. So adding the IP numbers to your list each time after an attack, will make your deny-list longer and longer, but won't make it more effective, since it doesn't protect you against the attackers next attempts. Unless, of course, someone is attacking again and again from the same IP number; but that is not what I observe. Rob. Actually, quite a few has attempted several times from the same IPs. I figure if it gets to big, I'll just block the whole class. What do I care if a whole country can't access my lil webserver? :) Thanks for the comment. Michael -- Michael D. Whities [EMAIL PROTECTED] http://www.one-arm.com -- There are four colors of hats to watch for: Black, White, Grey, and Red. The meanings are: Cracker, Hacker, Guru, and Victim. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] Hi, Q1 Yes, you can add like /24 behind the ip-address to specify a range. Q2 The best thing is to raise the number for each rule, when you later
Re: Adding network IP to hosts.deny
uidzero wrote: Rob wrote: uidzero wrote: Pelle Andersson wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. I use /etc/rc.ipfw... ${fwcmd} add 300 deny IP from 24.19.0.105 to any ${fwcmd} add 301 deny IP from 24.79.68.179 to any ${fwcmd} add 400 deny IP from 61.100.180.125 to any ${fwcmd} add 401 deny IP from 61.206.125.28 to any [...snip...] ${fwcmd} add 971 deny IP from 220.73.215.151 to any ${fwcmd} add 980 deny IP from 221.3.131.80 to any ${fwcmd} add 981 deny IP from 221.12.11.118 to any ${fwcmd} add 982 deny IP from 222.56.118.124 to any I have attacks by similar IP numbers. However, I discovered that these IP numbers are used only once to attack my PC. Next attack will be from a different IP number. So adding the IP numbers to your list each time after an attack, will make your deny-list longer and longer, but won't make it more effective, since it doesn't protect you against the attackers next attempts. Unless, of course, someone is attacking again and again from the same IP number; but that is not what I observe. Rob. Actually, quite a few has attempted several times from the same IPs. I figure if it gets to big, I'll just block the whole class. What do I care if a whole country can't access my lil webserver? :) Have you bothered to monitor your rules with ipfw -dt show, or by adding a 'log' to your rules? That would give you a clue as to how effective your deny rules are. Rob. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Adding network IP to hosts.deny
Rob wrote: uidzero wrote: Rob wrote: uidzero wrote: Pelle Andersson wrote: Hi! I have a lot of login attempts from various networks and IP addresses on my FBSD 4.10 server. I have read the man pages for hosts.deny but do not understand how to add networks and IP addresses to it. I use /etc/rc.ipfw... ${fwcmd} add 300 deny IP from 24.19.0.105 to any ${fwcmd} add 301 deny IP from 24.79.68.179 to any ${fwcmd} add 400 deny IP from 61.100.180.125 to any ${fwcmd} add 401 deny IP from 61.206.125.28 to any [...snip...] ${fwcmd} add 971 deny IP from 220.73.215.151 to any ${fwcmd} add 980 deny IP from 221.3.131.80 to any ${fwcmd} add 981 deny IP from 221.12.11.118 to any ${fwcmd} add 982 deny IP from 222.56.118.124 to any I have attacks by similar IP numbers. However, I discovered that these IP numbers are used only once to attack my PC. Next attack will be from a different IP number. So adding the IP numbers to your list each time after an attack, will make your deny-list longer and longer, but won't make it more effective, since it doesn't protect you against the attackers next attempts. Unless, of course, someone is attacking again and again from the same IP number; but that is not what I observe. Rob. Actually, quite a few has attempted several times from the same IPs. I figure if it gets to big, I'll just block the whole class. What do I care if a whole country can't access my lil webserver? :) Have you bothered to monitor your rules with ipfw -dt show, or by adding a 'log' to your rules? That would give you a clue as to how effective your deny rules are. Rob. I've added a few friends static IPs and they weren't able to get any of the services my system runs. So,noy only is ssh blocked, everything is blocked. Michael -- Michael D. Whities [EMAIL PROTECTED] http://www.one-arm.com -- There are four colors of hats to watch for: Black, White, Grey, and Red. The meanings are: Cracker, Hacker, Guru, and Victim. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]