From: Patrick Gibson
To: Outback Dingo
Cc: Jorge Biquez, Gary Gatten, "freebsd-questions@freebsd.org"
Date: Fri, 4 Mar 2011 19:39:58 -0800
Subject: Re: Simplest way to deny access to a class C

The original question had to do with requests to a web server, and it
would not be practical nor typical to route all http traffic through
inetd. As well, tcpwrappers require manual work; mod_security and
fail2ban both ban automatically based on specified criteria and
patterns.

While mod_security only works for Apache, fail2ban works for any
service that writes out to a log file. We have it watching our
instances of Apache, Postfix, Cyrus IMAP, and sshd services for
repeated login failure within a short period of time. It has done
wonders.

Patrick

On Fri, Mar 4, 2011 at 4:30 PM, Outback Dingo wrote:
>
>
> On Fri, Mar 4, 2011 at 7:14 PM, Patrick Gibson wrote:
>>
>> fail2ban by default only bans an IP for 10 minutes, and that's
>> configurable. It can also email you anytime it imposes a ban, so one
>> can keep an eye on things at least in the beginning to see if it's
>> causing a problem for legitimate users.
>>
>> On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten wrote:
>> > Be careful of automated responses. What if someone spoofs IP's of legit
>> > users / customers / whatever and your automated response blocks them? Not
>> > good.
>> >
>> > I thought about blocking....well, never mind - might pi$$ someone off
>> > and attract unwanted attention...
>> >
>> > -----Original Message-----
>> > From: owner-freebsd-questions@freebsd.org
>> > [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Patrick Gibson
>> > Sent: Thursday, March 03, 2011 5:58 PM
>> > To: Jorge Biquez
>> > Cc: freebsd-questions@freebsd.org
>> > Subject: Re: Simplest way to deny access to a class C
>> >
>> > You might consider mod_security (/usr/ports/www/mod_security) which
>> > can be set up to ban hosts based on behaviour or characteristics.
>> >
>> > Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in
>> > that it scans whatever logs you want, and can trigger a block in your
>> > firewall if enough violating log entries are found within a particular
>> > period of time. Everything is totally configurable, and there are
>> > plenty of examples that come with it.
>> >
>> > Patrick
>> >
>> >
>> > On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez wrote:
>> >> Hello all.
>> >>
>> >> I am sorry in advance if this question sounds too stupid.
>> >>
>> >> I have a small server for personal use of webpages running:
>> >>
>> >> 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0
>> >>
>> >> it is working fine, no problem very stable.
>> >>
>> >> I just need to block some IP class C address that are always trying to
>> >> "discover" directories or applications under the web server. They do
>> >> not do and can not do anything since this server has nothing installed
>> >> but I am tired of seeing in the logs all the intents they do every
>> >> 2-3 seconds.
>> >>
>> >> I have not installed any kind of firewall yet.
>> >> What do you think is the best way to accomplish this task? If possible
>> >> the easiest one. I do not want to do anything else but just block IP's,
>> >> at this moment at least.
>
> I wonder why nobody's mentioned a quite simple method with tcpwrappers and
> hosts.allow / hosts.deny also
>
>
>> >>
>> >>
>> >> Thanks in advance.
>> >>
>> >> Jorge Biquez
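
Added example, not part of the thread and not fail2ban's own code: a sketch of the log-scanning logic discussed above, counting 404 probes per /24 ("class C") within a time window and honouring an allowlist so known-good clients are never banned. The parameters max_retry, find_time and ignore are named after fail2ban's maxretry, findtime and ignoreip settings; the log lines are constructed and use documentation address ranges.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed Apache common-log lines (documentation address ranges only).
SAMPLE_LOG = """\
203.0.113.7 - - [04/Mar/2011:19:00:01 -0800] "GET /phpmyadmin/ HTTP/1.1" 404 210
203.0.113.9 - - [04/Mar/2011:19:00:03 -0800] "GET /admin/ HTTP/1.1" 404 207
203.0.113.7 - - [04/Mar/2011:19:00:06 -0800] "GET /wp-login.php HTTP/1.1" 404 212
198.51.100.20 - - [04/Mar/2011:19:00:07 -0800] "GET /index.html HTTP/1.1" 200 5120
203.0.113.30 - - [04/Mar/2011:19:00:08 -0800] "GET /cgi-bin/test HTTP/1.1" 404 211
192.0.2.15 - - [04/Mar/2011:19:00:09 -0800] "GET /old-page.html HTTP/1.1" 404 209
192.0.2.15 - - [04/Mar/2011:19:20:09 -0800] "GET /old-link.html HTTP/1.1" 404 209
"""

# IPv4 client address, timestamp, and HTTP status of a common-log line.
LINE_RE = re.compile(r'^(\d+\.\d+\.\d+\.\d+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def networks_to_ban(log_text, max_retry=3, find_time=600, ignore=()):
    """Return /24 networks with >= max_retry 404s inside find_time seconds."""
    ignored = [ip_network(n) for n in ignore]
    recent = defaultdict(deque)   # /24 network -> timestamps of recent 404s
    banned = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != "404":
            continue
        addr = ip_address(m.group(1))
        if any(addr in n for n in ignored):
            continue                      # never ban allowlisted clients
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        net = ip_network(f"{addr}/24", strict=False)
        hits = recent[net]
        hits.append(when)
        while when - hits[0] > timedelta(seconds=find_time):
            hits.popleft()                # drop hits that fell out of the window
        if len(hits) >= max_retry and net not in banned:
            banned.append(net)
    return banned

if __name__ == "__main__":
    for net in networks_to_ban(SAMPLE_LOG, ignore=["198.51.100.0/24"]):
        print("would block", net)
```

The two 404s from 192.0.2.15 are twenty minutes apart, so they never accumulate inside the 600-second window and that network is not flagged.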