From owner-freebsd-questions@FreeBSD.ORG Mon Oct 11 10:28:52 2004
Message-ID: <416A6062.9080106@yahoo.com>
Date: Mon, 11 Oct 2004 19:28:50 +0900
From: Rob
To: uidzero, freebsd-questions@freebsd.org
References: <416A5CF6.20508@one-arm.com>
In-Reply-To: <416A5CF6.20508@one-arm.com>
Subject: Re: Adding network & IP to hosts.deny

uidzero wrote:
> Pelle Andersson wrote:
>
>> Hi!
>>
>> I have a lot of login attempts from various networks and IP addresses
>> on my FBSD 4.10 server. I have read the man pages for hosts.deny but
>> do not understand how to add networks and IP addresses to it.
>>
>
> I use "/etc/rc.ipfw"...
>
>
> ${fwcmd} add 300 deny IP from 24.19.0.105 to any
> ${fwcmd} add 301 deny IP from 24.79.68.179 to any
> ${fwcmd} add 400 deny IP from 61.100.180.125 to any
> ${fwcmd} add 401 deny IP from 61.206.125.28 to any
> ${fwcmd} add 402 deny IP from 61.211.239.236 to any
> ${fwcmd} add 500 deny IP from 63.144.19.6 to any
> ${fwcmd} add 501 deny IP from 64.246.20.123 to any
> ${fwcmd} add 502 deny IP from 66.223.46.129 to any
> ${fwcmd} add 503 deny IP from 67.81.127.99 to any
> ${fwcmd} add 600 deny IP from 81.223.99.90 to any
> ${fwcmd} add 700 deny IP from 140.112.124.123 to any
> ${fwcmd} add 701 deny IP from 159.226.2.161 to any
> ${fwcmd} add 702 deny IP from 163.25.65.3 to any
> ${fwcmd} add 703 deny IP from 193.145.87.3 to any
> ${fwcmd} add 800 deny IP from 202.57.191.179 to any
> ${fwcmd} add 801 deny IP from 202.226.185.150 to any
> ${fwcmd} add 810 deny IP from 203.71.62.9 to any
> ${fwcmd} add 113 deny IP from 203.98.166.25 to any
> ${fwcmd} add 812 deny IP from 203.115.96.151 to any
> ${fwcmd} add 813 deny IP from 203.169.248.5 to any
> ${fwcmd} add 814 deny IP from 203.186.157.37 to any
> ${fwcmd} add 830 deny IP from 205.209.141.50 to any
> ${fwcmd} add 870 deny IP from 209.88.93.138 to any
> ${fwcmd} add 871 deny IP from 209.172.103.235 to any
> ${fwcmd} add 880 deny IP from 210.204.129.11 to any
> ${fwcmd} add 890 deny IP from 211.60.219.250 to any
> ${fwcmd} add 891 deny IP from 211.221.246.28 to any
> ${fwcmd} add 892 deny IP from 211.251.71.2 to any
> ${fwcmd} add 893 deny IP from 211.252.9.126 to any
> ${fwcmd} add 940 deny IP from 216.29.112.126 to any
> ${fwcmd} add 950 deny IP from 217.172.182.148 to any
> ${fwcmd} add 960 deny IP from 218.21.129.105 to any
> ${fwcmd} add 961 deny IP from 218.49.183.17 to any
> ${fwcmd} add 962 deny IP from 218.102.19.78 to any
> ${fwcmd} add 963 deny IP from 218.237.66.152 to any
> ${fwcmd} add 970 deny IP from 220.64.223.249 to any
> ${fwcmd} add 971 deny IP from 220.73.215.151 to any
> ${fwcmd} add 980 deny IP from 221.3.131.80 to any
> ${fwcmd} add 981 deny IP from 221.12.11.118 to any
> ${fwcmd} add 982 deny IP from 222.56.118.124 to any

I have attacks by similar IP numbers. However, I discovered that these
IP numbers are used only once to attack my PC. Next attack will be from
a different IP number.

So adding the IP numbers to your list each time after an attack will
make your deny-list longer and longer, but won't make it more effective,
since it doesn't protect you against the attacker's next attempts.

Unless, of course, someone is attacking again and again from the same
IP number; but that is not what I observe.

Rob.
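
The observation in the reply above can be measured on your own log before a deny-list grows. This is an added example, not part of the original thread: it counts how many failed logins a per-IP deny rule, added after the day a source is first seen, would actually have stopped. It assumes OpenSSH sshd messages in syslog format within a single year; the sample log, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: syslog-format sshd lines, documentation-range addresses.
SAMPLE_LOG = """\
Oct  9 03:12:45 host sshd[411]: Failed password for root from 192.0.2.10 port 4312 ssh2
Oct  9 03:12:47 host sshd[411]: Failed password for root from 192.0.2.10 port 4313 ssh2
Oct  9 04:40:01 host sshd[502]: Illegal user test from 198.51.100.7
Oct 10 01:05:13 host sshd[733]: Failed password for illegal user admin from 203.0.113.50 port 2211 ssh2
Oct 10 02:30:00 host sshd[801]: Accepted password for rob from 192.0.2.99 port 1022 ssh2
Oct 11 06:00:09 host sshd[950]: Failed password for root from 192.0.2.10 port 4400 ssh2
Oct 11 07:21:33 host sshd[977]: Invalid user guest from 198.51.100.200
"""

# The user name is remote-controlled text, so the greedy ".*" plus the "$"
# anchor make the match use the last "from <ip>" on the line.
FAILED = re.compile(
    r"^(\w{3}\s+\d+) \S+ \S+ sshd\[\d+\]: "
    r"(?:Failed \S+ for|Illegal user|Invalid user) .* from "
    r"(\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?(?: ssh2)?$"
)


def parse_failures(log_text):
    """Return {source_ip: {day: failed_attempts}}, days in log order."""
    seen = defaultdict(dict)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            day = " ".join(m.group(1).split())  # "Oct  9" -> "Oct 9"
            seen[m.group(2)][day] = seen[m.group(2)].get(day, 0) + 1
    return dict(seen)


def blocklist_payoff(log_text):
    """Measure what a deny rule added after each source's first day stops."""
    per_ip = parse_failures(log_text)
    attempts = sum(sum(days.values()) for days in per_ip.values())
    # Only attempts on a later day than the first sighting hit the new rule.
    blocked = sum(sum(list(days.values())[1:]) for days in per_ip.values())
    repeaters = sorted(ip for ip, days in per_ip.items() if len(days) > 1)
    return {"sources": len(per_ip), "attempts": attempts,
            "repeaters": repeaters, "blocked_by_rule": blocked}


if __name__ == "__main__":
    print(blocklist_payoff(SAMPLE_LOG))
```

A low `blocked_by_rule` relative to `attempts` is the situation the reply describes; a high one means the same sources keep returning and static rules are earning their place.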