blocking "known bad" hosts
I reviewed my VSFTPD log file and noticed that several known spammer/hacker domains are attempting to log on anonymously. I have anonymous logins disabled, so it was not a big issue this time, but I'm uncomfortable with the idea that I am getting scanned for exploits etc...
Is there a simple, practical method to use a DNSBL or some other listing to block all traffic from bad IP addresses/ranges? Would I import this into my hosts.deny file? Any suggestions would be greatly appreciated... |
To filter out known "bad" hosts you should use a firewall. A firewall can drop a request on a certain port. So it would look like there isn't anything running on that port.
If you are using hosts.deny the request will be blocked and the attacker will know there is something running on that port. Regards Brian |
I'm confused... let me explain more. we have the server in a DMZ on our firewall that blocks all ports to the outside world except FTP (box only functions as an ftp server externally, internally samba etc). If I firewall that port legitimate external users won't be able to connect either? Am I missing something?
Any other thoughts would be greatly appreciated... |
anyone???
|
bump
|
you can insert a rule like
Code:
iptables -A INPUT -p tcp -s known.bad.address.ip --dport 21 -j DROP
All you have to do is to type
Code:
nslookup known.bad.address.ip |
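An added example, not written by any poster in this thread: the rule from the last reply, generated for every entry of a blocklist file after each entry is validated as an IPv4 address or CIDR range. The file format (one entry per line, `#` comments), the function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build iptables DROP rules for FTP (tcp/21) from a blocklist file.
# Commands are printed, not executed, so they can be reviewed before loading.

# is_ipv4_or_cidr ENTRY: succeed only for a.b.c.d or a.b.c.d/0-32.
is_ipv4_or_cidr() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets (addr holds only digits and dots)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# blocklist_to_rules FILE: print one rule per valid entry, report the rest on stderr.
blocklist_to_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                          # drop trailing comment
        entry=${entry#"${entry%%[![:space:]]*}"}   # trim leading whitespace
        entry=${entry%"${entry##*[![:space:]]}"}   # trim trailing whitespace
        [ -n "$entry" ] || continue
        if is_ipv4_or_cidr "$entry"; then
            printf 'iptables -A INPUT -p tcp -s %s --dport 21 -j DROP\n' "$entry"
        else
            printf 'skipped invalid entry: %s\n' "$entry" >&2
        fi
    done < "$1"
}

# Constructed sample blocklist (documentation address ranges, not real offenders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# one address or CIDR range per line
192.0.2.15
198.51.100.0/24   # whole range
203.0.113.300
known.bad.address.ip
EOF
blocklist_to_rules "$sample"
rm -f "$sample"
```

Because the rules are appended with `-A`, they only take effect if no earlier INPUT rule already accepts port 21 traffic from those sources.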