Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 4 Mar 2011 13:51:02 +0000
From:      krad <kraduk@gmail.com>
To:        Jorge Biquez <jbiquez@intranet.com.mx>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Simplest way to deny access to a class C
Message-ID:  <AANLkTikEH6wvap+m+j14M8xepHXAJ-xHJiSQX4v0_UxF@mail.gmail.com>
In-Reply-To: <3382051429-764985639@intranet.com.mx>
References:  <3382016411-764985335@intranet.com.mx> <AANLkTi=Fb_CiA76g79ZkP8o_yWsQcN6iuPD7w=dBxztQ@mail.gmail.com> <11805_1299196962_4D702C22_11805_70_1_D9B37353831173459FDAA836D3B43499BD354A48@WADPMBXV0.waddell.com> <3382051429-764985639@intranet.com.mx>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On 4 March 2011 02:43, Jorge Biquez <jbiquez@intranet.com.mx> wrote:

> Thank you all for your time and comments.
>
> I guess that I will install a firewall, that way I can also block those
> Class C's from sending tons of emails to non existing accounts....
> I will read the website to see the best options.  Any suggestion is more
> than welcome.
>
> Jorge Biquez
>
>
> At 06:02 p.m. 03/03/2011, you wrote:
>
>> Be careful of automated responses.  What if someone spoofs IP's of legit
>> users / customers / whatever and your automated response blocks them?  Not
>> good.
>>
>> I thought about blocking....well, never mind - might pi$$ someone off and
>> attract unwanted attention...
>>
>> -----Original Message-----
>> From: owner-freebsd-questions@freebsd.org [mailto:
>> owner-freebsd-questions@freebsd.org] On Behalf Of Patrick Gibson
>> Sent: Thursday, March 03, 2011 5:58 PM
>> To: Jorge Biquez
>> Cc: freebsd-questions@freebsd.org
>> Subject: Re: Simplest way to deny access to a class C
>>
>> You might consider mod_security (/usr/ports/www/mod_security) which
>> can be set up to ban hosts based on behaviour or characteristics.
>>
>> Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in
>> that it scans whatever logs you want, and can trigger a block in your
>> firewall if enough violating log entries are found within a particular
>> period of time. Everything is totally configurable, and there are
>> plenty of examples that come with it.
>>
>> Patrick
>>
>>
>> On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez <jbiquez@intranet.com.mx>
>> wrote:
>> > Hello all.
>> >
>> > I am sorry in advance if this question sounds too stupid.
>> >
>> > I have a small server for personal use of webpages running:
>> >
>> > 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0
>> >
>> > it is working fine , no problem very stable.
>> >
>> > I just need to block some IP class C address that are always trying to
>> > "discover" directories or applications under the web server. They do not
>> do
>> > and can not do anything since this server has nothing installed but i am
>> > tired of seeing in the logs all the intents they do every 2-3 seconds.
>> >
>> > I have not installed any kind of firewall yet.
>> > What do you think is the best way to accomplish this task? If possible
>> the
>> > easiest one. I do not want to do anything else but just bloc IP's, at
>> this
>> > moment at least.
>> >
>> > Thanks in advance.
>> >
>> > Jorge Biquez
>> >
>> > _______________________________________________
>> > freebsd-questions@freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> > To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe@freebsd.org"
>> >
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe@freebsd.org"
>>
>>
>>
>>
>>
>> <font size="1">
>> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in
>> 0in 1.0pt 0in'>
>> </div>
>> "This email is intended to be reviewed by only the intended recipient
>>  and may contain information that is privileged and/or confidential.
>>  If you are not the intended recipient, you are hereby notified that
>>  any review, use, dissemination, disclosure or copying of this email
>>  and its attachments, if any, is strictly prohibited.  If you have
>>  received this email in error, please immediately notify the sender by
>>  return email and delete this email from your system."
>> </font>
>>
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe@freebsd.org"
>>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe@freebsd.org"
>


you might wamt to look at geoip as well. you can open  up services to specif
regions then, or block other regions. Can be controversial though.



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?AANLkTikEH6wvap+m+j14M8xepHXAJ-xHJiSQX4v0_UxF>