From owner-freebsd-questions  Tue Sep 18 19: 8:41 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from web20106.mail.yahoo.com (web20106.mail.yahoo.com [216.136.226.43])
	by hub.freebsd.org (Postfix) with SMTP id BBB5F37B40E
	for <questions@FreeBSD.ORG>; Tue, 18 Sep 2001 19:08:37 -0700 (PDT)
Message-ID: <20010919020837.87629.qmail@web20106.mail.yahoo.com>
Received: from [209.8.72.253] by web20106.mail.yahoo.com via HTTP; Tue, 18 Sep 2001 19:08:37 PDT
Date: Tue, 18 Sep 2001 19:08:37 -0700 (PDT)
From: klein brock <getzz1@yahoo.com>
Subject: Re: FIREWALL REALLY NEED HELP
To: "Christian S ." <cschreiber@netrail.net>
Cc: Matthew Emmerton <matt@gsicomp.on.ca>, questions@FreeBSD.ORG
In-Reply-To: <20010918214207.T88158@netrail.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

not just that.. the ip that attack my server are more
than 10.000. this is some of them:

209.8.63.66 - - [18/Sep/2001:17:38:20 -0700] "GET
/c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 288
209.8.172.53 - - [18/Sep/2001:17:38:20 -0700] "GET
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 400 285
209.8.92.226 - - [18/Sep/2001:17:38:20 -0700] "GET
/scripts/root.exe?/c+dir HTTP/1.0" 404 280
209.8.172.53 - - [18/Sep/2001:17:38:20 -0700] "GET
/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 302
209.8.92.226 - - [18/Sep/2001:17:38:21 -0700] "GET
/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 301
209.8.172.53 - - [18/Sep/2001:17:38:21 -0700] "GET
/scripts/..%252f../winnt/system32/cmd.exe?/c+dir
HTTP/1.0" 404 302

it has 216.*.*.* for more than 100 ip, 209.*.*.* more
than 1000 ips, 205.128.*.*

i really tired of this., it suffer my server for more
than 1 week.. if anybody can help me ... i would
appreciate it. they have more than 10.000 ips.


thanks alot

--- "Christian S ." <cschreiber@netrail.net> wrote:
> Try this instead:
> 
> ipfw add deny ip from 209.12.0.0/16 to any via any.
> 
> Beware, however.. you are setting yourself up to
> blackhole a BUNCH of traffic. Make *sure* that you
> are blocking all bad traffic. I can't imagine that
> an entire /16 has managed to peeve
> you off.. perhaps you should talk to the
> administrator of those IP's, rather than just trash
> all of them.
> 
> Christian
> 


__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message