LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-01-2006, 04:05 PM   #1
narmida
Member
 
Registered: Mar 2005
Location: Alphen aan den Rijn , netherlands
Distribution: core
Posts: 57

Rep: Reputation: 15
Block country's with hosts.deny


Is there a way to black complete country's
I get on some servers many and i mean MANY hack attempts of example korea russia etc.

Is there a script that checks http://www.apnic.net/ and takes the new ip's of the country and blocks them.
The info is free to download so i asume that anyone has already invented this script.

If you have other suggestions plz share it.

For the record my servers are save but this saves lots of bandwith plus it is a secure way.
My customers dont have clients in russia and korea etc.

thnx in advance
 
Old 03-01-2006, 07:08 PM   #2
spooon
Senior Member
 
Registered: Aug 2005
Posts: 1,755

Rep: Reputation: 51
denyhosts is a program that automatically checks your ssh logs and blocks IPs that try to repeatedly log in or something, many distros have a package for it
 
Old 03-01-2006, 07:11 PM   #3
jomen
Senior Member
 
Registered: May 2004
Location: Leipzig/Germany
Distribution: Arch
Posts: 1,687

Rep: Reputation: 55
even with:
ALL: PARANIOD
in /etc/hosts.deny
you would still get connection attempts!?
Maybe review the services which you offer to the net - and how they are set up - to make you appear less attractive?
 
Old 03-01-2006, 10:49 PM   #4
sipsipi
Member
 
Registered: Dec 2005
Location: Chicago
Distribution: Fedora and Redhat
Posts: 86

Rep: Reputation: 15
HAHAHA , i was just working on this hosts.deny

remove comments to countries you want to say
"NO INTERWEB FOR YOU!!"


Code:
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
#ALL:ALL
#ALL:ALL: .ac
#ALL:ALL: .ad
#ALL:ALL: .ae
#ALL:ALL: .af
#ALL:ALL: .ag
#ALL:ALL: .ai
#ALL:ALL: .al
#ALL:ALL: .am
#ALL:ALL: .an
#ALL:ALL: .ao
#ALL:ALL: .aq
#ALL:ALL: .ar
#ALL:ALL: .as
#ALL:ALL: .at
#ALL:ALL: .au
#ALL:ALL: .aw
#ALL:ALL: .az
#ALL:ALL: .ax
#ALL:ALL: .ba
#ALL:ALL: .bb
#ALL:ALL: .bd
#ALL:ALL: .be
#ALL:ALL: .bf
#ALL:ALL: .bg
#ALL:ALL: .bh
#ALL:ALL: .bi
#ALL:ALL: .bj
#ALL:ALL: .bm
#ALL:ALL: .bn
#ALL:ALL: .bo
#ALL:ALL: .br
#ALL:ALL: .bs
#ALL:ALL: .bt
#ALL:ALL: .bv
#ALL:ALL: .bw
#ALL:ALL: .by
#ALL:ALL: .bz
#ALL:ALL: .ca
#ALL:ALL: .cc
#ALL:ALL: .cd
#ALL:ALL: .cf
#ALL:ALL: .cg
#ALL:ALL: .ch
#ALL:ALL: .ci
#ALL:ALL: .ck
#ALL:ALL: .cl
#ALL:ALL: .cm
#ALL:ALL: .cn
#ALL:ALL: .co
#ALL:ALL: .cr
#ALL:ALL: .cs
#ALL:ALL: .cu
#ALL:ALL: .cv
#ALL:ALL: .cx
#ALL:ALL: .cy
#ALL:ALL: .cz
#ALL:ALL: .de
#ALL:ALL: .dj
#ALL:ALL: .dk
#ALL:ALL: .dm
#ALL:ALL: .do
#ALL:ALL: .dz
#ALL:ALL: .ec
#ALL:ALL: .ee
#ALL:ALL: .eg
#ALL:ALL: .eh
#ALL:ALL: .er
#ALL:ALL: .es
#ALL:ALL: .et
#ALL:ALL: .eu
#ALL:ALL: .fi
#ALL:ALL: .fj
#ALL:ALL: .fk
#ALL:ALL: .fm
#ALL:ALL: .fo
#ALL:ALL: .fr
#ALL:ALL: .ga
#ALL:ALL: .gb
#ALL:ALL: .gd
#ALL:ALL: .ge
#ALL:ALL: .gf
#ALL:ALL: .gg
#ALL:ALL: .gh
#ALL:ALL: .gi
#ALL:ALL: .gl
#ALL:ALL: .gm
#ALL:ALL: .gn
#ALL:ALL: .gp
#ALL:ALL: .gq
#ALL:ALL: .gr
#ALL:ALL: .gs
#ALL:ALL: .gt
#ALL:ALL: .gu
#ALL:ALL: .gw
#ALL:ALL: .gy
#ALL:ALL: .hk
#ALL:ALL: .hm
#ALL:ALL: .hn
#ALL:ALL: .hr
#ALL:ALL: .ht
#ALL:ALL: .hu
#ALL:ALL: .id
#ALL:ALL: .ie
#ALL:ALL: .il
#ALL:ALL: .im
#ALL:ALL: .in
#ALL:ALL: .io
#ALL:ALL: .iq
#ALL:ALL: .ir
#ALL:ALL: .is
#ALL:ALL: .it
#ALL:ALL: .je
#ALL:ALL: .jm
#ALL:ALL: .jo
#ALL:ALL: .jp
#ALL:ALL: .ke
#ALL:ALL: .kg
#ALL:ALL: .kh
#ALL:ALL: .ki
#ALL:ALL: .km
#ALL:ALL: .kn
#ALL:ALL: .kp
#ALL:ALL: .kr
#ALL:ALL: .kw
#ALL:ALL: .ky
#ALL:ALL: .kz
#ALL:ALL: .la
#ALL:ALL: .lb
#ALL:ALL: .lc
#ALL:ALL: .li
#ALL:ALL: .lk
#ALL:ALL: .lr
#ALL:ALL: .ls
#ALL:ALL: .lt
#ALL:ALL: .lu
#ALL:ALL: .lv
#ALL:ALL: .ly
#ALL:ALL: .ma
#ALL:ALL: .mc
#ALL:ALL: .md
#ALL:ALL: .mg
#ALL:ALL: .mh
#ALL:ALL: .mk
#ALL:ALL: .ml
#ALL:ALL: .mm
#ALL:ALL: .mn
#ALL:ALL: .mo
#ALL:ALL: .mp
#ALL:ALL: .mq
#ALL:ALL: .mr
#ALL:ALL: .ms
#ALL:ALL: .mt
#ALL:ALL: .mu
#ALL:ALL: .mv
#ALL:ALL: .mw
#ALL:ALL: .mx
#ALL:ALL: .my
#ALL:ALL: .mz
#ALL:ALL: .na
#ALL:ALL: .nc
#ALL:ALL: .ne
#ALL:ALL: .nf
#ALL:ALL: .ng
#ALL:ALL: .ni
#ALL:ALL: .nl
#ALL:ALL: .no
#ALL:ALL: .np
#ALL:ALL: .nr
#ALL:ALL: .nu
#ALL:ALL: .nz
#ALL:ALL: .om
#ALL:ALL: .pa
#ALL:ALL: .pe
#ALL:ALL: .pf
#ALL:ALL: .pg
#ALL:ALL: .ph
#ALL:ALL: .pk
#ALL:ALL: .pl
#ALL:ALL: .pm
#ALL:ALL: .pn
#ALL:ALL: .pr
#ALL:ALL: .ps
#ALL:ALL: .pt
#ALL:ALL: .pw
#ALL:ALL: .py
#ALL:ALL: .qa
#ALL:ALL: .re
#ALL:ALL: .ro
#ALL:ALL: .ru
#ALL:ALL: .rw
#ALL:ALL: .sa
#ALL:ALL: .sb
#ALL:ALL: .sc
#ALL:ALL: .sd
#ALL:ALL: .se
#ALL:ALL: .sg
#ALL:ALL: .sh
#ALL:ALL: .si
#ALL:ALL: .sj
#ALL:ALL: .sk
#ALL:ALL: .sl
#ALL:ALL: .sm
#ALL:ALL: .sn
#ALL:ALL: .so
#ALL:ALL: .sr
#ALL:ALL: .st
#ALL:ALL: .sv
#ALL:ALL: .sy
#ALL:ALL: .sz
#ALL:ALL: .tc
#ALL:ALL: .td
#ALL:ALL: .tf
#ALL:ALL: .tg
#ALL:ALL: .th
#ALL:ALL: .tj
#ALL:ALL: .tk
#ALL:ALL: .tl
#ALL:ALL: .tm
#ALL:ALL: .tn
#ALL:ALL: .to
#ALL:ALL: .tp
#ALL:ALL: .tr
#ALL:ALL: .tt
#ALL:ALL: .tv
#ALL:ALL: .tw
#ALL:ALL: .tz
#ALL:ALL: .ua
#ALL:ALL: .ug
#ALL:ALL: .uk
#ALL:ALL: .um
#.us  .  United States
#ALL:ALL: .uy
#ALL:ALL: .uz
#ALL:ALL: .va
#ALL:ALL: .vc
#ALL:ALL: .ve
#ALL:ALL: .vg
#ALL:ALL: .vi
#ALL:ALL: .vn
#ALL:ALL: .vu
#ALL:ALL: .wf
#ALL:ALL: .ws
#ALL:ALL: .ye
#ALL:ALL: .yt
#ALL:ALL: .yu
#ALL:ALL: .za
#ALL:ALL: .zm
#ALL:ALL: .zw
 
Old 03-02-2006, 09:32 AM   #5
narmida
Member
 
Registered: Mar 2005
Location: Alphen aan den Rijn , netherlands
Distribution: core
Posts: 57

Original Poster
Rep: Reputation: 15
wow didnt know we had this much.

great file

where did u get the .xx information from.
 
Old 03-02-2006, 09:36 AM   #6
narmida
Member
 
Registered: Mar 2005
Location: Alphen aan den Rijn , netherlands
Distribution: core
Posts: 57

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by sipsipi
HAHAHA , i was just working on this hosts.deny

remove comments to countries you want to say
"NO INTERWEB FOR YOU!!"

Just udate the countries information


Code:
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
#ALL:ALL
#ALL:ALL: .ac
#ALL:ALL: .ad
#ALL:ALL: .ae
#ALL:ALL: .af
#ALL:ALL: .ag
#ALL:ALL: .ai
#ALL:ALL: .al
#ALL:ALL: .am
#ALL:ALL: .an
#ALL:ALL: .ao
#ALL:ALL: .aq
#ALL:ALL: .ar
#ALL:ALL: .as
#ALL:ALL: .at
#ALL:ALL: .au
#ALL:ALL: .aw
#ALL:ALL: .az
#ALL:ALL: .ax
#ALL:ALL: .ba
#ALL:ALL: .bb
#ALL:ALL: .bd
# .be Belgium
#ALL:ALL: .be
#ALL:ALL: .bf
#ALL:ALL: .bg
#ALL:ALL: .bh
#ALL:ALL: .bi
#ALL:ALL: .bj
#ALL:ALL: .bm
#ALL:ALL: .bn
#ALL:ALL: .bo
#ALL:ALL: .br
#ALL:ALL: .bs
#ALL:ALL: .bt
#ALL:ALL: .bv
#ALL:ALL: .bw
#ALL:ALL: .by
#ALL:ALL: .bz
#ALL:ALL: .ca
#ALL:ALL: .cc
#ALL:ALL: .cd
#ALL:ALL: .cf
#ALL:ALL: .cg
#ALL:ALL: .ch
#ALL:ALL: .ci
#ALL:ALL: .ck
#ALL:ALL: .cl
#ALL:ALL: .cm
#ALL:ALL: .cn
#ALL:ALL: .co
#ALL:ALL: .cr
#ALL:ALL: .cs
#ALL:ALL: .cu
#ALL:ALL: .cv
#ALL:ALL: .cx
#ALL:ALL: .cy
#ALL:ALL: .cz
#ALL:ALL: .de
#ALL:ALL: .dj
#ALL:ALL: .dk
#ALL:ALL: .dm
#ALL:ALL: .do
#ALL:ALL: .dz
#ALL:ALL: .ec
#ALL:ALL: .ee
#ALL:ALL: .eg
#ALL:ALL: .eh
#ALL:ALL: .er
#ALL:ALL: .es
#ALL:ALL: .et
# .eu europe
#ALL:ALL: .eu
#ALL:ALL: .fi
#ALL:ALL: .fj
#ALL:ALL: .fk
#ALL:ALL: .fm
#ALL:ALL: .fo
# .fr france
#ALL:ALL: .fr
#ALL:ALL: .ga
#ALL:ALL: .gb
#ALL:ALL: .gd
#ALL:ALL: .ge
#ALL:ALL: .gf
#ALL:ALL: .gg
#ALL:ALL: .gh
#ALL:ALL: .gi
#ALL:ALL: .gl
#ALL:ALL: .gm
#ALL:ALL: .gn
#ALL:ALL: .gp
#ALL:ALL: .gq
# .gr greece
#ALL:ALL: .gr
#ALL:ALL: .gs
#ALL:ALL: .gt
#ALL:ALL: .gu
#ALL:ALL: .gw
#ALL:ALL: .gy
#ALL:ALL: .hk
#ALL:ALL: .hm
#ALL:ALL: .hn
#ALL:ALL: .hr
#ALL:ALL: .ht
#ALL:ALL: .hu
#ALL:ALL: .id
#ALL:ALL: .ie
#ALL:ALL: .il
#ALL:ALL: .im
#ALL:ALL: .in
#ALL:ALL: .io
#ALL:ALL: .iq
#ALL:ALL: .ir
#ALL:ALL: .is
# .it italy
#ALL:ALL: .it
#ALL:ALL: .je
#ALL:ALL: .jm
#ALL:ALL: .jo
#ALL:ALL: .jp
#ALL:ALL: .ke
#ALL:ALL: .kg
#ALL:ALL: .kh
#ALL:ALL: .ki
#ALL:ALL: .km
#ALL:ALL: .kn
#ALL:ALL: .kp
# .kr kroatie
#ALL:ALL: .kr
#ALL:ALL: .kw
#ALL:ALL: .ky
#ALL:ALL: .kz
#ALL:ALL: .la
#ALL:ALL: .lb
#ALL:ALL: .lc
#ALL:ALL: .li
#ALL:ALL: .lk
#ALL:ALL: .lr
#ALL:ALL: .ls
#ALL:ALL: .lt
#ALL:ALL: .lu
#ALL:ALL: .lv
#ALL:ALL: .ly
#ALL:ALL: .ma
#ALL:ALL: .mc
#ALL:ALL: .md
#ALL:ALL: .mg
#ALL:ALL: .mh
#ALL:ALL: .mk
#ALL:ALL: .ml
#ALL:ALL: .mm
#ALL:ALL: .mn
#ALL:ALL: .mo
#ALL:ALL: .mp
#ALL:ALL: .mq
#ALL:ALL: .mr
#ALL:ALL: .ms
#ALL:ALL: .mt
#ALL:ALL: .mu
#ALL:ALL: .mv
#ALL:ALL: .mw
#ALL:ALL: .mx
#ALL:ALL: .my
#ALL:ALL: .mz
#ALL:ALL: .na
#ALL:ALL: .nc
#ALL:ALL: .ne
#ALL:ALL: .nf
#ALL:ALL: .ng
#ALL:ALL: .ni
#ALL:ALL: .nl
#ALL:ALL: .no
#ALL:ALL: .np
#ALL:ALL: .nr
#ALL:ALL: .nu
#ALL:ALL: .nz
#ALL:ALL: .om
#ALL:ALL: .pa
#ALL:ALL: .pe
#ALL:ALL: .pf
#ALL:ALL: .pg
#ALL:ALL: .ph
#ALL:ALL: .pk
# .pl poland
#ALL:ALL: .pl
#ALL:ALL: .pm
#ALL:ALL: .pn
#ALL:ALL: .pr
#ALL:ALL: .ps
#ALL:ALL: .pt
#ALL:ALL: .pw
#ALL:ALL: .py
#ALL:ALL: .qa
#ALL:ALL: .re
#ALL:ALL: .ro
# .ru russia 
#ALL:ALL: .ru
#ALL:ALL: .rw
#ALL:ALL: .sa
#ALL:ALL: .sb
#ALL:ALL: .sc
#ALL:ALL: .sd
#ALL:ALL: .se
#ALL:ALL: .sg
#ALL:ALL: .sh
#ALL:ALL: .si
#ALL:ALL: .sj
#ALL:ALL: .sk
#ALL:ALL: .sl
#ALL:ALL: .sm
#ALL:ALL: .sn
#ALL:ALL: .so
#ALL:ALL: .sr
#ALL:ALL: .st
#ALL:ALL: .sv
#ALL:ALL: .sy
#ALL:ALL: .sz
#ALL:ALL: .tc
#ALL:ALL: .td
#ALL:ALL: .tf
#ALL:ALL: .tg
#ALL:ALL: .th
#ALL:ALL: .tj
#ALL:ALL: .tk
#ALL:ALL: .tl
#ALL:ALL: .tm
#ALL:ALL: .tn
#ALL:ALL: .to
#ALL:ALL: .tp
#ALL:ALL: .tr
#ALL:ALL: .tt
#ALL:ALL: .tv
#ALL:ALL: .tw
#ALL:ALL: .tz
#ALL:ALL: .ua
#ALL:ALL: .ug
#ALL:ALL: .uk
#ALL:ALL: .um
#.us  .  United States
#ALL:ALL: .uy
#ALL:ALL: .uz
#ALL:ALL: .va
#ALL:ALL: .vc
#ALL:ALL: .ve
#ALL:ALL: .vg
#ALL:ALL: .vi
#ALL:ALL: .vn
#ALL:ALL: .vu
#ALL:ALL: .wf
#ALL:ALL: .ws
#ALL:ALL: .ye
#ALL:ALL: .yt
#ALL:ALL: .yu
#ALL:ALL: .za
#ALL:ALL: .zm
#ALL:ALL: .zw

Am i nuts or where is .com .net .org etc
or blocks .co .ne .or this ?
?
 
Old 03-02-2006, 09:48 AM   #7
sipsipi
Member
 
Registered: Dec 2005
Location: Chicago
Distribution: Fedora and Redhat
Posts: 86

Rep: Reputation: 15
I think I just googled for it or something. Try this out, let me know how it works.
 
Old 03-02-2006, 10:01 AM   #8
narmida
Member
 
Registered: Mar 2005
Location: Alphen aan den Rijn , netherlands
Distribution: core
Posts: 57

Original Poster
Rep: Reputation: 15
Am i nuts or where is .com .net .org etc
or blocks .co .ne .or this ?
?


Quote:
Originally Posted by sipsipi
I think I just googled for it or something. Try this out, let me know how it works.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
/etc/hosts.deny icedude Linux - Networking 3 01-12-2006 04:01 AM
hosts.allow & hosts.deny question... jonc Linux - Security 9 03-05-2005 09:41 PM
hosts.deny doesn't block an SSH attempt vmattila Linux - Security 4 11-14-2004 12:18 PM
Adding shell commands to hosts.deny and hosts.allow ridertech Linux - Security 3 12-29-2003 03:52 PM
hosts.deny and hosts.allow defaults? gui10 Linux - Security 5 12-20-2001 01:57 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration