block ip address/hosts
Grr...I've seen a couple of threads here about script kiddies trying to hack into systems.
I got a hostname of someone who was probing my root password. Some dork from .jp. Is there a way that I can block their IP address from trying again? I'm not very familure with ipchains. I want somethink quick and painless. (Aside: ) I would love to see a script that creates some sort of feedback loop; script kiddies attempt to hack, a deamon respons by hacking the kiddie with a DOS attack, making sure they won't compromise anyone else. just a though. REVENGE OF THE GEEKS! Viva la TUX! |
Sohmc, with kernel 2.4 and up, iptables is the preferred firewall.
I am not sure if you already have any iptables rules set. You can however add iptables -A INPUT -i eth0 -s <dork's ip> -j DROP and iptables -A FORWARD -i eth0 -s <dork's ip> -j DROP this should take care of DorkSan. If you have any particular service under attack, say sshd, you can put an entry in your /etc/hosts.deny as sshd: <dork's IP> ALL: <dork's IP> this will deny dork from accessing any of your services that are listening on the net. |
thanks. Hopefully this will take care of that!
EDIT: will iptables save this information and reload it? or do I need to add a line to my rc.local? |
As I see Fedora core listed as your distribution, I assume you use Fedora core 1.
Do you already have any iptables rules? You can check that by running the following command as root /sbin/iptables -nvL You can run /sbin/iptables save to save your iptables rules to be loaded at boot. |
All times are GMT -5. The time now is 10:41 AM. |