Date:      Mon, 11 Oct 2004 19:28:50 +0900
From:      Rob <spamrefuse@yahoo.com>
To:        uidzero <uidzero@one-arm.com>, freebsd-questions@freebsd.org
Subject:   Re: Adding network & IP to hosts.deny
Message-ID:  <416A6062.9080106@yahoo.com>
In-Reply-To: <416A5CF6.20508@one-arm.com>
References:  <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAArvdSa/sjb0OI1eLKLXuK1sKAAAAQAAAAnNdJfVuVREajW0jiKTPoYAEAAAAA@spd.nu> <416A5CF6.20508@one-arm.com>

uidzero wrote:
> Pelle Andersson wrote:
> 
>> Hi!
>>
>> I have a lot of login attempts from various networks and IP addresses
>> on my FBSD 4.10 server. I have read the man pages for hosts.deny but
>> do not understand how to add networks and IP addresses to it.
>>
> 
> I use "/etc/rc.ipfw"...
> 
> 
> ${fwcmd} add 300 deny IP from 24.19.0.105 to any
> ${fwcmd} add 301 deny IP from 24.79.68.179 to any
> ${fwcmd} add 400 deny IP from 61.100.180.125 to any
> ${fwcmd} add 401 deny IP from 61.206.125.28 to any
> ${fwcmd} add 402 deny IP from 61.211.239.236 to any
> ${fwcmd} add 500 deny IP from 63.144.19.6 to any
> ${fwcmd} add 501 deny IP from 64.246.20.123 to any
> ${fwcmd} add 502 deny IP from 66.223.46.129 to any
> ${fwcmd} add 503 deny IP from 67.81.127.99 to any
> ${fwcmd} add 600 deny IP from 81.223.99.90 to any
> ${fwcmd} add 700 deny IP from 140.112.124.123 to any
> ${fwcmd} add 701 deny IP from 159.226.2.161 to any
> ${fwcmd} add 702 deny IP from 163.25.65.3 to any
> ${fwcmd} add 703 deny IP from 193.145.87.3 to any
> ${fwcmd} add 800 deny IP from 202.57.191.179 to any
> ${fwcmd} add 801 deny IP from 202.226.185.150 to any
> ${fwcmd} add 810 deny IP from 203.71.62.9 to any
> ${fwcmd} add 113 deny IP from 203.98.166.25 to any
> ${fwcmd} add 812 deny IP from 203.115.96.151 to any
> ${fwcmd} add 813 deny IP from 203.169.248.5 to any
> ${fwcmd} add 814 deny IP from 203.186.157.37 to any
> ${fwcmd} add 830 deny IP from 205.209.141.50 to any
> ${fwcmd} add 870 deny IP from 209.88.93.138 to any
> ${fwcmd} add 871 deny IP from 209.172.103.235 to any
> ${fwcmd} add 880 deny IP from 210.204.129.11 to any
> ${fwcmd} add 890 deny IP from 211.60.219.250 to any
> ${fwcmd} add 891 deny IP from 211.221.246.28 to any
> ${fwcmd} add 892 deny IP from 211.251.71.2 to any
> ${fwcmd} add 893 deny IP from 211.252.9.126 to any
> ${fwcmd} add 940 deny IP from 216.29.112.126 to any
> ${fwcmd} add 950 deny IP from 217.172.182.148 to any
> ${fwcmd} add 960 deny IP from 218.21.129.105 to any
> ${fwcmd} add 961 deny IP from 218.49.183.17 to any
> ${fwcmd} add 962 deny IP from 218.102.19.78 to any
> ${fwcmd} add 963 deny IP from 218.237.66.152 to any
> ${fwcmd} add 970 deny IP from 220.64.223.249 to any
> ${fwcmd} add 971 deny IP from 220.73.215.151 to any
> ${fwcmd} add 980 deny IP from 221.3.131.80 to any
> ${fwcmd} add 981 deny IP from 221.12.11.118 to any
> ${fwcmd} add 982 deny IP from 222.56.118.124 to any

I have attacks by similar IP numbers. However, I discovered
that these IP numbers are used only once to attack my PC.
The next attack will be from a different IP number. So adding the
IP numbers to your list each time after an attack will make
your deny-list longer and longer, but won't make it more effective,
since it doesn't protect you against the attacker's next attempts.

Unless, of course, someone is attacking again and again from the
same IP number; but that is not what I observe.

Rob.
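
Whether source addresses recur, as discussed in the reply above, can be measured from the sshd log before a deny list is extended. The script below is an added example and not part of the original message: it counts failed logins per source address and the number of distinct days each address appeared. The syslog line format, the function names and the sample log (documentation-range addresses) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; assumed log format (syslog-style sshd lines), e.g.
#   "Oct 10 03:12:45 host sshd[123]: Failed password for root from 192.0.2.7 port 4001 ssh2"

# Constructed sample log; addresses come from documentation ranges.
sample_log() {
cat <<'EOF'
Oct  9 03:12:45 host sshd[311]: Failed password for root from 192.0.2.7 port 4001 ssh2
Oct  9 03:12:47 host sshd[312]: Failed password for root from 192.0.2.7 port 4002 ssh2
Oct  9 03:12:49 host sshd[313]: Illegal user test from 192.0.2.7
Oct 10 11:40:02 host sshd[401]: Failed password for admin from 198.51.100.23 port 5120 ssh2
Oct 10 11:40:05 host sshd[402]: Accepted password for rob from 203.0.113.5 port 6000 ssh2
Oct 11 01:05:10 host sshd[455]: Failed password for root from 203.0.113.99 port 2200 ssh2
Oct 11 22:30:00 host sshd[470]: Failed password for guest from 198.51.100.23 port 5300 ssh2
EOF
}

# Per source IP: failed attempts and number of distinct days seen.
# Reads a log on stdin, prints "<ip> <attempts> <days>" sorted by IP.
per_ip_stats() {
    awk '
    /sshd\[[0-9]+\]: (Failed password|Illegal user)/ {
        ip = ""
        # The address follows the last "from" on the line.
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        attempts[ip]++
        day = $1 " " $2
        if (!((ip, day) in seen)) { seen[ip, day] = 1; days[ip]++ }
    }
    END { for (ip in attempts) print ip, attempts[ip], days[ip] }
    ' | sort
}

# Prints "<distinct attacking IPs> <IPs seen on more than one day>".
recurrence_summary() {
    per_ip_stats | awk '{ n++; if ($3 > 1) r++ } END { print n + 0, r + 0 }'
}

# Stand-alone run on the constructed sample.
sample_log | recurrence_summary
```

On a real host, feed the function the actual log instead, for example `per_ip_stats < /var/log/auth.log`. A low second number in the summary means per-address deny rules would rarely match a later attempt.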



