LinuxQuestions.org
Old 06-01-2004, 04:25 PM   #1
t3___
Member
 
Registered: Sep 2003
Posts: 240

Rep: Reputation: 30
blocking "known bad" hosts


I reviewed my VSFTPD log file and noticed that several known spammer/hacker domains are attempting to log on anonymously. I have anonymous logins disabled, so it was not a big issue this time, but I'm uncomfortable with the idea that I am getting scanned for exploits etc...


Is there a simple, practical method to use a DNSBL or some other listing to block all traffic from bad ip adds/ranges? Would I import this into my hosts.deny file? Any suggestions would be greatly appreciated...
 
Old 06-01-2004, 04:34 PM   #2
OIZee
LQ Newbie
 
Registered: Jan 2004
Posts: 5

Rep: Reputation: 0
To filter out known "bad" hosts you should use a firewall. A firewall can drop a request on a certain port. So it would look like there isn't anything running on that port.
If you are using hosts.deny the request will be blocked and the attacker will know there is something running on that port.

Regards
Brian
 
Old 06-01-2004, 04:42 PM   #3
t3___
Member
 
Registered: Sep 2003
Posts: 240

Original Poster
Rep: Reputation: 30
I'm confused... let me explain more. We have the server in a DMZ on our firewall that blocks all ports to the outside world except FTP (box only functions as an ftp server externally, internally samba etc). If I firewall that port legitimate external users won't be able to connect either? Am I missing something?

Any other thoughts would be greatly appreciated...
 
Old 06-02-2004, 05:30 PM   #4
t3___
Member
 
Registered: Sep 2003
Posts: 240

Original Poster
Rep: Reputation: 30
anyone???
 
Old 06-03-2004, 02:17 PM   #5
t3___
Member
 
Registered: Sep 2003
Posts: 240

Original Poster
Rep: Reputation: 30
bump
 
Old 06-04-2004, 11:35 AM   #6
pe2338
Member
 
Registered: Dec 2002
Location: Bucharest,RO
Distribution: debian etch, sarge and sid
Posts: 407

Rep: Reputation: 30
You can insert a rule like

Code:
iptables -A INPUT -p tcp -s known.bad.address.ip --dport 21 -j DROP
in your firewall and it will drop all connections from the known.bad.address.ip IP.

All you have to do is to type
Code:
nslookup known.bad.address.ip

or

host known.bad.address.ip
to get the real IP address and replace known.bad.address.ip with it.
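
The per-host rule from post #6, generalised to a whole blocklist, as an added example that is not part of the original thread: it validates each entry and prints the iptables commands for a dedicated chain that can be flushed and reloaded when the list changes. The chain name FTP_BLOCK, the one-entry-per-line list format and the sample entries are assumptions made for illustration.

```sh
# Added example (not from the thread): print iptables commands that drop FTP
# (tcp/21) traffic from every entry of a blocklist read on stdin.
# Assumed names: chain FTP_BLOCK, one IPv4 address or CIDR range per line.
CHAIN="FTP_BLOCK"

# Succeed only for a strict dotted-quad IPv4 address, optional /0-32 prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*|0?*) return 1 ;; esac   # too long / leading zero
        [ "$octet" -le 255 ] || return 1
    done
}

# Blocklist on stdin -> iptables commands on stdout; bad lines go to stderr.
generate_rules() {
    # Dedicated chain: create if missing, flush, hook into INPUT only once.
    echo "iptables -N $CHAIN 2>/dev/null || true"
    echo "iptables -F $CHAIN"
    echo "iptables -C INPUT -p tcp --dport 21 -j $CHAIN 2>/dev/null ||" \
         "iptables -I INPUT -p tcp --dport 21 -j $CHAIN"
    # Strip comments and whitespace, then validate before emitting a rule.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        if valid_ipv4_cidr "$entry"; then
            echo "iptables -A $CHAIN -s $entry -j DROP"
        else
            echo "skipped invalid entry: $entry" >&2
        fi
    done
}

# Constructed sample input (RFC 5737 documentation addresses).
sample_blocklist() {
    printf '%s\n' '# constructed sample' '192.0.2.15' \
        '198.51.100.0/24  # a range' '203.0.113.999' \
        'known.bad.address.ip' '192.0.2.1; reboot'
}
sample_blocklist | generate_rules
```

Hostnames are rejected on purpose: iptables resolves a name only once, when the rule is added, so the list should hold addresses. Review the printed commands before running them as root.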
 
  

