Date: Tue, 18 Sep 2001 19:08:37 -0700 (PDT) From: klein brock <getzz1@yahoo.com> To: "Christian S ." <cschreiber@netrail.net> Cc: Matthew Emmerton <matt@gsicomp.on.ca>, questions@FreeBSD.ORG Subject: Re: FIREWALL REALLY NEED HELP Message-ID: <20010919020837.87629.qmail@web20106.mail.yahoo.com> In-Reply-To: <20010918214207.T88158@netrail.net>
next in thread | previous in thread | raw e-mail | index | archive | help
not just that.. the ip that attack my server are more than 10.000. this is some of them: 209.8.63.66 - - [18/Sep/2001:17:38:20 -0700] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 288 209.8.172.53 - - [18/Sep/2001:17:38:20 -0700] "GET /scripts/..%%35c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 400 285 209.8.92.226 - - [18/Sep/2001:17:38:20 -0700] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 280 209.8.172.53 - - [18/Sep/2001:17:38:20 -0700] "GET /scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302 209.8.92.226 - - [18/Sep/2001:17:38:21 -0700] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 301 209.8.172.53 - - [18/Sep/2001:17:38:21 -0700] "GET /scripts/..%252f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 302 it has 216.*.*.* for more than 100 ip, 209.*.*.* more than 1000 ips, 205.128.*.* i really tired of this., it suffer my server for more than 1 week.. if anybody can help me ... i would appreciate it. they have more than 10.000 ips. thanks alot --- "Christian S ." <cschreiber@netrail.net> wrote: > Try this instead: > > ipfw add deny ip from 209.12.0.0/16 to any via any. > > Beware, however.. you are setting yourself up to > blackhole a BUNCH of traffic. Make *sure* that you > are blocking all bad traffic. I can't imagine that > an entire /16 has managed to peeve > you off.. perhaps you should talk to the > administrator of those IP's, rather than just trash > all of them. > > Christian > __________________________________________________ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010919020837.87629.qmail>