On Wednesday 27 February 2002 03:03 pm, Victor W Allen wrote:
> Is there an easy way to maintain a general blacklist? I get a lot of
> general sniffing and anon-ftp attempts from Germany and Denmark on a
> box that doesn't support anonymous connections, and only hosts sites
> serving customers in the US, so I would like to block those IPs in
> the future.
>
> I've just been (manually) adding IPs to my IPChains configuration but
> this seems like the hard way...
>
> Is there an easier and/or better way?
>
> I'm running a RedHat 7.2 box that's already blocking everything but
> SSH, HTTP, FTP and POP/SMTP using IPChains. SMTP relaying is limited
> by TCPServer (for qmail).
>
> I guess a good side topic is: am I overreacting by blacklisting these
> IPs? Is there a more reasonable way to go (say, limiting them to port
> 80 & 25 only?). I'd appreciate thoughts on that as well.
>
> Thanks for the assist,
>
> V
with the iptables string module you'd be able to block anything containing
the word "anonymous" coming in on port 21, or you could log their ip's and
block them globally with a script that parses the log.
