From owner-freebsd-questions@FreeBSD.ORG Fri Mar 4 13:51:04 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6CB751065673 for ; Fri, 4 Mar 2011 13:51:04 +0000 (UTC) (envelope-from kraduk@gmail.com) Received: from mail-wy0-f182.google.com (mail-wy0-f182.google.com [74.125.82.182]) by mx1.freebsd.org (Postfix) with ESMTP id EBDE08FC0C for ; Fri, 4 Mar 2011 13:51:03 +0000 (UTC) Received: by wyb32 with SMTP id 32so2409277wyb.13 for ; Fri, 04 Mar 2011 05:51:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=VpXRnXLvwZIJZB5N61LX7egQzkK2OTwor7S2jlnPQs8=; b=SAMIXwESIqwH9j1WuSFZ3n5gv0QO4nqOVgxzRfnJvAJ5VrustmAr7Y3SmxGYHTbPpr CUDTBsno2Glr8eFAtCTnCnbgtU/ygvbXXtSEHu9ALq3JwCLb92wfINxZgfVwuuViBPux 9TTLPzi1DV0g0zu6VNEMt6XLMyC47iHQ4TPEM= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=wZyVNAat5EVyC2HCrW3qJqGtw/vqB1H2/43Meen8brTmr2YUZoEHemQus6/ml6DVJ/ oT3kRffYrJ7T2CjaA+23dnNNYft+2PfOVJN6zrOkCAUxV/jJlMbIcZ/ZSzvcioR2rZkW UnIN9XGbuYTLe7qSmnzypXJH+k/NAMSfS1liI= MIME-Version: 1.0 Received: by 10.216.24.73 with SMTP id w51mr535337wew.72.1299246662252; Fri, 04 Mar 2011 05:51:02 -0800 (PST) Received: by 10.216.80.147 with HTTP; Fri, 4 Mar 2011 05:51:02 -0800 (PST) In-Reply-To: <3382051429-764985639@intranet.com.mx> References: <3382016411-764985335@intranet.com.mx> <11805_1299196962_4D702C22_11805_70_1_D9B37353831173459FDAA836D3B43499BD354A48@WADPMBXV0.waddell.com> <3382051429-764985639@intranet.com.mx> Date: Fri, 4 Mar 2011 13:51:02 +0000 Message-ID: From: krad To: Jorge Biquez Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Mar 2011 13:51:04 -0000 On 4 March 2011 02:43, Jorge Biquez wrote: > Thank you all for your time and comments. > > I guess that I will install a firewall, that way I can also block those > Class C's from sending tons of emails to non existing accounts.... > I will read the website to see the best options. Any suggestion is more > than welcome. > > Jorge Biquez > > > At 06:02 p.m. 03/03/2011, you wrote: > >> Be careful of automated responses. What if someone spoofs IP's of legit >> users / customers / whatever and your automated response blocks them? Not >> good. >> >> I thought about blocking....well, never mind - might pi$$ someone off and >> attract unwanted attention... >> >> -----Original Message----- >> From: owner-freebsd-questions@freebsd.org [mailto: >> owner-freebsd-questions@freebsd.org] On Behalf Of Patrick Gibson >> Sent: Thursday, March 03, 2011 5:58 PM >> To: Jorge Biquez >> Cc: freebsd-questions@freebsd.org >> Subject: Re: Simplest way to deny access to a class C >> >> You might consider mod_security (/usr/ports/www/mod_security) which >> can be set up to ban hosts based on behaviour or characteristics. >> >> Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in >> that it scans whatever logs you want, and can trigger a block in your >> firewall if enough violating log entries are found within a particular >> period of time. Everything is totally configurable, and there are >> plenty of examples that come with it. >> >> Patrick >> >> >> On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez >> wrote: >> > Hello all. >> > >> > I am sorry in advance if this question sounds too stupid. >> > >> > I have a small server for personal use of webpages running: >> > >> > 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0 >> > >> > it is working fine , no problem very stable. >> > >> > I just need to block some IP class C address that are always trying to >> > "discover" directories or applications under the web server. They do not >> do >> > and can not do anything since this server has nothing installed but i am >> > tired of seeing in the logs all the intents they do every 2-3 seconds. >> > >> > I have not installed any kind of firewall yet. >> > What do you think is the best way to accomplish this task? If possible >> the >> > easiest one. I do not want to do anything else but just bloc IP's, at >> this >> > moment at least. >> > >> > Thanks in advance. >> > >> > Jorge Biquez >> > >> > _______________________________________________ >> > freebsd-questions@freebsd.org mailing list >> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> > To unsubscribe, send any mail to " >> freebsd-questions-unsubscribe@freebsd.org" >> > >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to " >> freebsd-questions-unsubscribe@freebsd.org" >> >> >> >> >> >> >>
>>
>> "This email is intended to be reviewed by only the intended recipient >> and may contain information that is privileged and/or confidential. >> If you are not the intended recipient, you are hereby notified that >> any review, use, dissemination, disclosure or copying of this email >> and its attachments, if any, is strictly prohibited. If you have >> received this email in error, please immediately notify the sender by >> return email and delete this email from your system." >> >> >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to " >> freebsd-questions-unsubscribe@freebsd.org" >> > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > you might wamt to look at geoip as well. you can open up services to specif regions then, or block other regions. Can be controversial though.