Adding network & IP to hosts.deny

Rob spamrefuse at yahoo.com
Mon Oct 11 04:21:10 PDT 2004


uidzero wrote:
> Rob wrote:
> 
>> uidzero wrote:
>>
>>> Pelle Andersson wrote:
>>>
>>>> Hi!
>>>>
>>>> I have a lot of login attempts from various networks and IP addresses
>>>> on my FBSD 4.10 server. I have read the man pages for hosts.deny but
>>>> do not understand how to add networks and IP addresses to it.
>>>>
>>>
>>> I use "/etc/rc.ipfw"...
>>>
>>>
>>> ${fwcmd} add 300 deny IP from 24.19.0.105 to any
>>> ${fwcmd} add 301 deny IP from 24.79.68.179 to any
>>> ${fwcmd} add 400 deny IP from 61.100.180.125 to any
>>> ${fwcmd} add 401 deny IP from 61.206.125.28 to any
   [...snip...]
>>> ${fwcmd} add 971 deny IP from 220.73.215.151 to any
>>> ${fwcmd} add 980 deny IP from 221.3.131.80 to any
>>> ${fwcmd} add 981 deny IP from 221.12.11.118 to any
>>> ${fwcmd} add 982 deny IP from 222.56.118.124 to any
>>
>>
>>
>> I have attacks by similar IP numbers. However, I discovered
>> that these IP numbers are used only once to attack my PC.
>> Next attack will be from a different IP number. So adding the
>> IP numbers to your list each time after an attack, will make
>> your deny-list longer and longer, but won't make it more effective,
>> since it doesn't protect you against the attacker's next attempts.
>>
>> Unless, of course, someone is attacking again and again from the
>> same IP number; but that is not what I observe.
>>
>> Rob.
>>
>>
> 
> Actually, quite a few have attempted several times from the same IPs. I 
> figure if it gets too big, I'll just block the whole class. What do I 
> care if a whole country can't access my lil webserver? :)

Have you bothered to monitor your rules with ipfw -dt show, or by adding
a 'log' to your rules? That would give you a clue as to how effective
your deny rules are.

Rob.
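
An added example, not part of the original message: a small sh/awk filter that reads `ipfw -t show` output and reports which deny rules have matched any traffic since the counters were last reset, which is the check suggested above. The column layout is assumed from ipfw's usual counter listing, and the sample lines (documentation addresses, made-up counters) are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Summarises which "deny" rules have
# actually matched traffic, using the counters printed by `ipfw -t show`.

# Constructed sample in the assumed `ipfw -t show` layout:
#   rule-number packets bytes [last-match timestamp] action ...
# A rule that never matched has no timestamp (ipfw pads with blanks).
sample_ipfw_output() {
cat <<'EOF'
00100   5120  409600 Mon Oct 11 04:20:58 2004 allow ip from any to any via lo0
00300      0       0                          deny ip from 192.0.2.105 to any
00301     42    2520 Sun Oct 10 23:14:07 2004 deny ip from 198.51.100.179 to any
00400      0       0                          deny ip from 203.0.113.125 to any
00401      3     180 Fri Oct  8 02:41:30 2004 deny ip from 203.0.113.28 to any
65535   9001  720080 Mon Oct 11 04:21:10 2004 allow ip from any to any
EOF
}

# Reads `ipfw -t show` output on stdin; prints one line per deny rule and a total.
deny_rule_report() {
    awk '
    {
        # A weekday name in field 4 means the 5-field ctime stamp is present.
        if ($4 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) {
            act = 9; last = $5 " " $6 " " $7 " " $8
        } else {
            act = 4; last = "never"
        }
        if ($act != "deny") next
        # The source address follows the "from" keyword.
        src = "?"
        for (i = act + 1; i < NF; i++) if ($i == "from") { src = $(i + 1); break }
        total++
        if ($2 > 0) hit++
        printf "%s %s pkts=%d last=%s\n", $1, src, $2, last
    }
    END { printf "%d of %d deny rules have matched\n", hit, total }
    '
}

# Run against the constructed sample.
sample_ipfw_output | deny_rule_report
```

On a live host the same filter would be fed with `ipfw -t show | deny_rule_report`; rules reported as `last=never` are blocking an address that has not come back since the counters were last zeroed.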



