[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: shutting out an IP



On Wed, 28 Apr 1999, Paul Tod Rieger wrote:

 > What are some ways to stop this in real-time?  I've e-mailed
 > abuse@home.net and added the IP to /etc/hosts.deny -- do I need to tell
 > the system to reread that file?  Anything else?

ipfwadm -Ii -a reject -S whatevertheipwas/24
or if you have 2.2, then 
ipfwadm-wrapper ipfwadm -Ii -a reject -S whateveritwas/24
sorry i don;t know ipchains :)

this will lock out the whole C class of which the attacker is a
member.

you do not need to restart anything when you change hosts.allow (or
.deny), as they are rad by tcpd which is started by inetd for every
incoming connection (for which the server is run by inetd), but
putting an ip in hosts.deny will not prevent that ip from accessing
those services that are run standalone (typically sshd, httpd and
smtpd)

-- 
[-]
All trespassing cockroaches will be horribly mutilated -- tegla
:0:


Reply to: