Re: shutting out an IP
We get these all the time with people trying to buffer overflow stuff or
script kiddies.
We just do a
route add <HOST_IP> reject
We find this works a lot better. No files to modify or junk like that.
We then have a cron job that releases the IP Address in a week or so.
.ronn
On Wed, Apr 28, 1999 at 03:52:29PM -0400, Paul Tod Rieger wrote:
> Shortly after I stop seeing the bootp/dhcp messages on my cable network,
> I start getting:
>
> Apr 27 22:20:15 www tcplogd: smtp connection attempt from
> unknown@ATHM-209-218-xxx-206.Home.net [209.218.141.206]
>
> Apr 27 22:20:15 www in.smtpd[10502]: warning: /etc/hosts.deny, line 15:
> can't verify hostname: gethostbyname(ATHM-209-218-xxx-206.Home.net)
> failed
>
> Apr 27 22:20:15 www in.smtpd[10502]: refused connect from
> 209.218.141.206
>
> repeatedly -- every 5 seconds -- for about 12 hours. (Maybe they
> stopped because the sender had to go to school.)
>
> What are some ways to stop this in real-time? I've e-mailed
> abuse@home.net and added the IP to /etc/hosts.deny -- do I need to tell
> the system to reread that file? Anything else?
>
> Thanks for any info!
>
> Tod
--
Ronn@iDream.COM
http://www.iDream.COM
Anything is possible except for skiing through a revolving door.
It's kinda fun to do the impossible.
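
The block-then-release-by-cron approach described in the reply above, as an added sketch that is not part of the original post. The state file path, the `TTL` and `ROUTE` variables and the function names are assumptions; the `route add ... reject` form is the one from the post, and the matching `route del` form is assumed to mirror it.

```shell
#!/bin/sh
# Added example (not from the original post): time-limited reject routes.
# Assumed names: STATE file path, TTL, ROUTE override for dry runs.
STATE="${STATE:-/var/lib/ipblock/blocked.list}"   # one "<epoch> <ip>" per line
TTL="${TTL:-604800}"                              # one week, in seconds
ROUTE="${ROUTE:-route}"                           # ROUTE="echo route" prints instead of acting

# Accept only dotted-quad IPv4, so text copied from logs never reaches route(8) unchecked.
valid_ip() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Add the reject route from the post and record when it was added.
block_ip() {
    valid_ip "$1" || { echo "bad address: $1" >&2; return 1; }
    # Exact field match: skip if already listed, so the timestamp is not reset.
    awk -v ip="$1" '$2 == ip { f = 1 } END { exit !f }' "$STATE" 2>/dev/null && return 0
    $ROUTE add "$1" reject && echo "$(date +%s) $1" >> "$STATE"
}

# Cron entry point: drop routes older than TTL, keep the rest.
# Optional $1 overrides "now" (epoch seconds), which makes the expiry testable.
release_expired() {
    now="${1:-$(date +%s)}"
    [ -f "$STATE" ] || return 0
    tmp="$STATE.tmp.$$"
    : > "$tmp"
    while read -r ts ip; do
        if [ $((now - ts)) -ge "$TTL" ] && valid_ip "$ip"; then
            # Keep the entry if the delete fails, so it is retried on the next run.
            $ROUTE del "$ip" reject || echo "$ts $ip" >> "$tmp"
        else
            echo "$ts $ip" >> "$tmp"
        fi
    done < "$STATE"
    mv "$tmp" "$STATE"
}

case "${1:-}" in
    block)   block_ip "${2:-}" ;;
    release) release_expired ;;
esac
```

Routes added this way do not survive a reboot, so the state file should be emptied at boot; otherwise stale entries fail to delete and are retried on every run.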