Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 11 Oct 2004 20:21:04 +0900
From:      Rob <>
To:        uidzero <>,
Subject:   Re: Adding network & IP to hosts.deny
Message-ID:  <>
In-Reply-To: <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
uidzero wrote:
> Rob wrote:
>> uidzero wrote:
>>> Pelle Andersson wrote:
>>>> Hi!
>>>> I have a lot of login attempts from various networks and IP addresses
>>>> on my FBSD 4.10 server. I have read the man pages for hosts.deny but
>>>> do not understand how to add networks and IP addresses to it.
>>> I use "/etc/rc.ipfw"...
>>> ${fwcmd} add 300 deny IP from to any
>>> ${fwcmd} add 301 deny IP from to any
>>> ${fwcmd} add 400 deny IP from to any
>>> ${fwcmd} add 401 deny IP from to any
>>> ${fwcmd} add 971 deny IP from to any
>>> ${fwcmd} add 980 deny IP from to any
>>> ${fwcmd} add 981 deny IP from to any
>>> ${fwcmd} add 982 deny IP from to any
>> I have attacks by similar IP numbers. However, I discovered
>> that these IP numbers are used only once to attack my PC.
>> Next attack will be from a different IP number. So adding the
>> IP numbers to your list each time after an attack, will make
>> your deny-list longer and longer, but won't make it more effective,
>> since it doesn't protect you against the attackers next attempts.
>> Unless, of course, someone is attacking again and again from the
>> same IP number; but that is not what I observe.
>> Rob.
> Actually, quite a few has attempted several times from the same IPs. I 
> figure if it gets to big, I'll just block the whole class. What do I 
> care if a whole country can't access my lil webserver? :)

Have you bothered to monitor your rules with ipfw -dt show, or by adding
a 'log' to your rules? That would give you a clue as to how effective
your deny rules are.


Want to link to this message? Use this URL: <>