From time to time I get many megabytes of entries like this in my SIMS log:
00:27:19 1 SMTP-365([200.204.198.115]) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "The host is suspected in address harvesting"
[big snip]
Basically someone has a broken program that tries to send to the same failed account several times a second for many hours.
At present I am using an older LinkSys NAT box for my "firewall". Ports for POP and SNMP are forwarded to my SIMS box. The current firmware in the LinkSys, and as far as I can tell, the newest firmware available for this model do not allow blocking of specific incoming IP addresses or ranges of addresses.
I'd like an inexpensive hardware router/firewall/NAT box that would allow me to block things like this before it ever gets to SIMS. I much prefer to have my firewall be something other than my server(s). And I'd much prefer to have a device with no moving parts that generates little heat and uses little power, so I'd rather not press an old computer into service for this.
Any suggestions?
Such devices have become extraordinarily cheap and available as commodity products, often with a lot more functionality than you need. For example, I recently bought a Linksys WRT54G for $85 which combines a router, 4-port switch, and 802.11g access point. Unbeknownst to me at the time, this thing is in fact a little embedded Linux device and Linksys (a Cisco company) has taken the spirit of the GPL to heart and released all of the firmware source code. As a result, others have developed alternative loads for the box which can do all sorts of cool stuff. Given the flexibility and cost, it might be worthwhile to use such a device and just disable the wireless interface (maybe even pull the antennae if this is not in a location you control) and use it as a simple NAT router and firewall, which it does reasonably even without doing the brain transplants you can find at http://www.batbox.org/wrt54g-linux.html and http://docs.sveasoft.com/SV-Index.html
--
Bill Cole [EMAIL PROTECTED]
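An added example, not part of the original thread: before choosing what to block at the firewall, the rejections in the log can be grouped by sending host to find the ones that retry in bursts. The regular expression is inferred from the single log line quoted above (an assumption, not a documented SIMS log grammar), the function name and thresholds are hypothetical, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Inferred from the one quoted line: time, level, SMTP-<session>([ip]), message.
LINE_RE = re.compile(
    r"^(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2}) \d+ "
    r"SMTP-\d+\(\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\) "
    r".*\brejected: sending host is blacklisted"
)

def find_repeat_offenders(lines, min_hits=3, window_seconds=60):
    """Return {ip: total_hits} for hosts with at least min_hits blacklist
    rejections inside some span shorter than window_seconds.
    Timestamps are time-of-day only, so the log must not cross midnight."""
    times = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # snips, blank lines, unrelated entries
        t = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        times[m["ip"]].append(t)
    offenders = {}
    for ip, stamps in times.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            # Slide the window start forward until it is within range of t.
            while t - stamps[start] >= window_seconds:
                start += 1
            if end - start + 1 >= min_hits:
                offenders[ip] = len(stamps)
                break
    return offenders

# Constructed sample: the host from the quoted line retrying within seconds,
# plus a documentation-range address (192.0.2.10) that appears only twice.
TEMPLATE = ("{t} 1 SMTP-{n}([{ip}]) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: "
            'sending host is blacklisted, "The host is suspected in address harvesting"')
EVENTS = [("00:27:19", "200.204.198.115"), ("00:27:19", "200.204.198.115"),
          ("00:27:20", "200.204.198.115"), ("00:27:20", "200.204.198.115"),
          ("00:31:02", "192.0.2.10"), ("00:45:40", "192.0.2.10")]
SAMPLE = [TEMPLATE.format(t=t, n=365 + i, ip=ip) for i, (t, ip) in enumerate(EVENTS)]
SAMPLE.insert(4, "[big snip]")

if __name__ == "__main__":
    for ip, hits in sorted(find_repeat_offenders(SAMPLE).items()):
        print(f"{ip}\t{hits} rejections")
```

The resulting addresses are the candidates for whatever source-address blocking the replacement router supports.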
