Date:      Fri, 4 Mar 2011 19:30:37 -0500
From:      Outback Dingo <outbackdingo@gmail.com>
To:        Patrick Gibson <gibblertron@gmail.com>
Cc:        Jorge Biquez <jbiquez@intranet.com.mx>, Gary Gatten <Ggatten@waddell.com>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: Simplest way to deny access to a class C
Message-ID:  <AANLkTi=UVGXoRg310mZMa-kU3gVThPzXxOTz-RhBfdes@mail.gmail.com>
In-Reply-To: <AANLkTi=619ih7aP8ic_rTqFWVmk_P2Zrob=XJUsvLfHL@mail.gmail.com>
References:  <3382016411-764985335@intranet.com.mx> <AANLkTi=Fb_CiA76g79ZkP8o_yWsQcN6iuPD7w=dBxztQ@mail.gmail.com> <11805_1299196962_4D702C22_11805_70_1_D9B37353831173459FDAA836D3B43499BD354A48@WADPMBXV0.waddell.com> <AANLkTi=619ih7aP8ic_rTqFWVmk_P2Zrob=XJUsvLfHL@mail.gmail.com>

On Fri, Mar 4, 2011 at 7:14 PM, Patrick Gibson <gibblertron@gmail.com> wrote:

> fail2ban by default only bans an IP for 10 minutes, and that's
> configurable. It can also email you anytime it imposes a ban, so one
> can keep an eye on things at least in the beginning to see if it's
> causing a problem for legitimate users.
>
> On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten <Ggatten@waddell.com> wrote:
> > Be careful of automated responses.  What if someone spoofs IP's of legit
> > users / customers / whatever and your automated response blocks them?  Not
> > good.
> >
> > I thought about blocking....well, never mind - might pi$$ someone off and
> > attract unwanted attention...
> >
> > -----Original Message-----
> > From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Patrick Gibson
> > Sent: Thursday, March 03, 2011 5:58 PM
> > To: Jorge Biquez
> > Cc: freebsd-questions@freebsd.org
> > Subject: Re: Simplest way to deny access to a class C
> >
> > You might consider mod_security (/usr/ports/www/mod_security) which
> > can be set up to ban hosts based on behaviour or characteristics.
> >
> > Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in
> > that it scans whatever logs you want, and can trigger a block in your
> > firewall if enough violating log entries are found within a particular
> > period of time. Everything is totally configurable, and there are
> > plenty of examples that come with it.
> >
> > Patrick
> >
> >
> > On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez <jbiquez@intranet.com.mx> wrote:
> >> Hello all.
> >>
> >> I am sorry in advance if this question sounds too stupid.
> >>
> >> I have a small server for personal use of webpages running:
> >>
> >> 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0
> >>
> >> it is working fine, no problem, very stable.
> >>
> >> I just need to block some IP class C address that are always trying to
> >> "discover" directories or applications under the web server. They do not do
> >> and can not do anything since this server has nothing installed but I am
> >> tired of seeing in the logs all the intents they do every 2-3 seconds.
> >>
> >> I have not installed any kind of firewall yet.
> >> What do you think is the best way to accomplish this task? If possible the
> >> easiest one. I do not want to do anything else but just block IP's, at this
> >> moment at least.
>

I wonder why nobody's mentioned a quite simple method with tcpwrappers and
hosts.allow / hosts.deny also




> >>
> >> Thanks in advance.
> >>
> >> Jorge Biquez
> >>
> >> _______________________________________________
> >> freebsd-questions@freebsd.org mailing list
> >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
> >>



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?AANLkTi=UVGXoRg310mZMa-kU3gVThPzXxOTz-RhBfdes>
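
Added example, not part of the thread or of fail2ban: a minimal version of the log-scan-and-ban logic described above, grouping 404 probes by /24 ("class C") network inside a time window, with a never-ban list for the spoofing concern raised in the replies. The log lines, thresholds and addresses are constructed; the output uses the hosts.allow net/mask form, which only affects daemons that consult tcp wrappers.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed Apache common-log lines (documentation address ranges only).
SAMPLE_LOG = """\
203.0.113.7 - - [03/Mar/2011:08:59:01 -0600] "GET /phpmyadmin/ HTTP/1.1" 404 209
203.0.113.9 - - [03/Mar/2011:08:59:03 -0600] "GET /admin/ HTTP/1.1" 404 204
203.0.113.44 - - [03/Mar/2011:08:59:06 -0600] "GET /wp-login.php HTTP/1.1" 404 211
198.51.100.5 - - [03/Mar/2011:08:59:07 -0600] "GET /index.html HTTP/1.1" 200 1024
203.0.113.7 - - [03/Mar/2011:08:59:08 -0600] "GET /cgi-bin/test HTTP/1.1" 404 210
192.0.2.10 - - [03/Mar/2011:08:59:09 -0600] "GET /old.html HTTP/1.1" 404 208
192.0.2.10 - - [03/Mar/2011:09:30:00 -0600] "GET /old2.html HTTP/1.1" 404 208
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def networks_to_ban(log_text, max_hits=3, window=timedelta(minutes=10), never_ban=()):
    """Return the /24 networks with at least max_hits 404s inside `window`."""
    allow = [ipaddress.ip_network(n) for n in never_ban]
    hits = defaultdict(deque)   # network -> timestamps of recent 404s
    banned = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != "404":
            continue
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue            # hostname or IPv6 client: out of scope here
        if any(addr in n for n in allow):
            continue            # known-good ranges are never counted
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        net = ipaddress.ip_network(f"{addr}/24", strict=False)
        q = hits[net]
        q.append(when)
        while when - q[0] > window:
            q.popleft()         # forget hits older than the window
        if len(q) >= max_hits:
            banned.add(net)
    return sorted(banned)

def hosts_allow_lines(nets):
    # hosts_access(5) net/mask pattern with the hosts_options(5) "deny" option.
    return [f"ALL : {n.network_address}/{n.netmask} : deny" for n in nets]

if __name__ == "__main__":
    print("\n".join(hosts_allow_lines(networks_to_ban(SAMPLE_LOG))))
```

Review the generated lines before placing them above any permissive rule in /etc/hosts.allow; for a web server that does not consult tcp wrappers, feed the same network list to the firewall or to the server's own access rules instead.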