Simplest way to deny access to a class C

Fri Mar 4 00:02:43 UTC 2011

Be careful of automated responses.  What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them?  Not good.

I thought about blocking....well, never mind - might pi$$ someone off and attract unwanted attention...

-----Original Message-----
From: owner-freebsd-questions at freebsd.org [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Patrick Gibson
Sent: Thursday, March 03, 2011 5:58 PM
To: Jorge Biquez
Cc: freebsd-questions at freebsd.org
Subject: Re: Simplest way to deny access to a class C

You might consider mod_security (/usr/ports/www/mod_security) which
can be set up to ban hosts based on behaviour or characteristics.

Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in
that it scans whatever logs you want, and can trigger a block in your
firewall if enough violating log entries are found within a particular
period of time. Everything is totally configurable, and there are
plenty of examples that come with it.

Patrick

On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez <jbiquez at intranet.com.mx> wrote:
> Hello all.
>
> I am sorry in advance if this question sounds too stupid.
>
> I have a small server for personal use of webpages running:
>
> 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0
>
> it is working fine , no problem very stable.
>
> I just need to block some IP class C address that are always trying to
> "discover" directories or applications under the web server. They do not do
> and can not do anything since this server has nothing installed but i am
> tired of seeing in the logs all the intents they do every 2-3 seconds.
>
> I have not installed any kind of firewall yet.
> What do you think is the best way to accomplish this task? If possible the
> easiest one. I do not want to do anything else but just bloc IP's, at this
> moment at least.
>
> Thanks in advance.
>
> Jorge Biquez
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
_______________________________________________
freebsd-questions at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
 and may contain information that is privileged and/or confidential.
 If you are not the intended recipient, you are hereby notified that
 any review, use, dissemination, disclosure or copying of this email
 and its attachments, if any, is strictly prohibited.  If you have
 received this email in error, please immediately notify the sender by
 return email and delete this email from your system."
</font>