On Fri, 2009-05-01 at 18:36 -0700, Tom Sharples wrote:
> This works too :-)
>
> iptables -A INPUT -s 213.165.154.53/24 -j DROP

It does for sure. The only problem is that this one host is not the only one to be concerned about. If you have a router at the border of the network that has the capability of watching the network for this type of behaviour and responding to it, then I'd suggest adding that function there.

The denyhosts script that Josh suggested works, but it is a reactive script. In other words, it watches the log file and does what you suggest automatically. At least that's what I saw the first time I looked at it.

A better approach is the one that Eje suggested. His suggestion uses a router (probably Mikrotik in his case) that watches for this behaviour and drops all traffic from this host automatically. You can do this with Mikrotik, ImageStream or any other OS that includes iptables and the "recent module". It's not even that hard to do.

-- 
********************************************************************
* Butch Evans                   * Professional Network Consultation*
* http://www.butchevans.com/    * Network Engineering              *
* http://www.wispa.org/         * WISPA Board Member               *
* http://blog.butchevans.com/   * Wired or Wireless Networks       *
********************************************************************
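
The iptables "recent" approach mentioned in the message above, as an added example that is not part of the original thread and not the rules any poster actually used. It assumes the probed service is SSH on tcp/22; the thresholds, list names (`probes`, `blocked`) and chain names are hypothetical.

```shell
#!/bin/sh
# Added example (assumptions: SSH on tcp/22, thresholds below, made-up list/chain names).
# Emits iptables rules that use the "recent" match to watch for repeated new
# connections and then drop ALL traffic from the offending source automatically.

PORT=22          # assumed service being probed
HITS=4           # the 4th new connection inside WINDOW triggers the block
                 # (must not exceed the module's ip_pkt_list_tot, default 20)
WINDOW=60        # seconds over which new connections are counted
BLOCK_TIME=3600  # seconds a source stays dropped after its last packet

# Print the rule set for one built-in chain: INPUT on a host, FORWARD on a border router.
recent_rules() {
    chain=$1
    cat <<EOF
iptables -N WATCH_$chain
iptables -N BLOCK_$chain
iptables -A $chain -m recent --name blocked --update --seconds $BLOCK_TIME -j DROP
iptables -A $chain -p tcp --dport $PORT -m conntrack --ctstate NEW -j WATCH_$chain
iptables -A WATCH_$chain -m recent --name probes --set
iptables -A WATCH_$chain -m recent --name probes --rcheck --seconds $WINDOW --hitcount $HITS -j BLOCK_$chain
iptables -A BLOCK_$chain -m recent --name blocked --set -j DROP
EOF
}
# Rule 3: --update matches a listed source and refreshes its timestamp, so a host
#         that keeps sending stays blocked. It must sit above any ACCEPT rule.
# Rule 5: no target, it only records the source address in the "probes" list.
# Rule 7: --set always matches, so the source is listed and the packet dropped.
# Put ACCEPT rules for management addresses ahead of these rules so an
# administrator cannot be locked out by the automatic block.

# Print the rules for review by default; run as root with "apply" to load them.
if [ "${1:-}" = apply ]; then
    recent_rules "${2:-INPUT}" | sh -e
else
    recent_rules "${2:-INPUT}"
fi
```

Unlike the single static `-s ... -j DROP` rule quoted above, these rules need no per-host maintenance: current entries can be inspected in `/proc/net/xt_recent/blocked`.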
