From owner-freebsd-security  Mon Jun 24 15:36:22 2002
Delivered-To: freebsd-security@freebsd.org
Received: from kobold.compt.com (TBextgw.compt.com [209.115.146.18])
	by hub.freebsd.org (Postfix) with ESMTP id 4931C37B716
	for <freebsd-security@FreeBSD.ORG>; Mon, 24 Jun 2002 15:36:16 -0700 (PDT)
Date: Mon, 24 Jun 2002 18:36:14 -0400
From: Klaus Steden <klaus@compt.com>
To: freebsd-security@FreeBSD.ORG
Subject: automated blackholing
Message-ID: <20020624183614.J589@cthulu.compt.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi,

I've got a situation with one of my servers at work that gets script kiddies
attempting to use it as a warez repository. It worked once, for about three
days, but I guess the hostname/address is still in someone's list of good
targets. I've been using tcpd to block access, but I'm getting a little more
annoyed by now and would like to start blackholing these people as soon as
they attempt to connect.

I've got my list of hosts to refuse - what's the best way to automatically
disappear when one of them tries to connect?

thanks,
Klaus

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message