LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-22-2010, 01:15 AM   #1
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Rep: Reputation: 39
Sharing hosts.deny


I wanted to know if there is any place where people have shared these IPs which needs to be blocked I feel most of the time the entries must be common though not always.So if hosts.deny file is shared some where then give a link.(I do use auth.log to block)
 
Old 10-22-2010, 01:18 AM   #2
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: RHEL/Ubuntu/Debian/Fedora/Centos/K3OS
Posts: 1,159
Blog Entries: 4

Rep: Reputation: 149Reputation: 149
Hi,

Which IP's you are taking about?

You want to block some spam IP's?
 
Old 10-22-2010, 01:37 AM   #3
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Original Poster
Rep: Reputation: 39
No I want to block ssh originating from China,Korea,Taiwan and such part of world
in /etc/hosts.deny.
Most of the Dictionary attacks on my server are from those parts of the world.

Last edited by tkmsr; 10-22-2010 at 01:38 AM.
 
Old 10-22-2010, 01:43 AM   #4
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: RHEL/Ubuntu/Debian/Fedora/Centos/K3OS
Posts: 1,159
Blog Entries: 4

Rep: Reputation: 149Reputation: 149
There may be so many.Ho will you track for new ones every day?
Better implicitly deny all and allow only trusted ip's/user's
Better use iptables firewall to do this!
 
Old 10-22-2010, 01:47 AM   #5
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Original Poster
Rep: Reputation: 39
That is what I want to know I want to block the IPs which belong to China,Korea or Taiwan is there such a list which gives information which IPs are from these countries.
I will block those countries IPTABLE or hosts.deny what ever.

Last edited by tkmsr; 10-22-2010 at 01:54 AM.
 
Old 10-22-2010, 01:51 AM   #6
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: RHEL/Ubuntu/Debian/Fedora/Centos/K3OS
Posts: 1,159
Blog Entries: 4

Rep: Reputation: 149Reputation: 149
Hi,

Try this links

http://www.countryipblocks.net/count...s=Submit+Query

http://www.linuxquestions.org/questi...-taiwan-360119

http://www.parkansky.com/china.htm
 
Old 10-22-2010, 07:13 AM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
Quote:
Originally Posted by tkmsr View Post
That is what I want to know I want to block the IPs which belong to China,Korea or Taiwan is there such a list which gives information which IPs are from these countries.
I will block those countries IPTABLE or hosts.deny what ever.
There's an example of how to do this right here on LQ.
 
Old 10-22-2010, 07:25 AM   #8
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Original Poster
Rep: Reputation: 39
Thats cool.
 
Old 10-22-2010, 10:25 AM   #9
DJCharlie
Member
 
Registered: Sep 2010
Posts: 37

Rep: Reputation: 4
You know, I've been thinking about this for a while now. We have several places online for reporting spam (SpamHaus, etc), so why not a place to report incoming ssh/ftp attacks?

Quote:
Originally Posted by tkmsr View Post
I wanted to know if there is any place where people have shared these IPs which needs to be blocked I feel most of the time the entries must be common though not always.So if hosts.deny file is shared some where then give a link.(I do use auth.log to block)
 
Old 10-22-2010, 11:05 AM   #10
djsmiley2k
Member
 
Registered: Feb 2005
Location: Coventry, UK
Distribution: Home: Gentoo x86/amd64, Debian ppc. Work: Ubuntu, SuSe, CentOS
Posts: 343
Blog Entries: 1

Rep: Reputation: 72
Quote:
Originally Posted by DJCharlie View Post
You know, I've been thinking about this for a while now. We have several places online for reporting spam (SpamHaus, etc), so why not a place to report incoming ssh/ftp attacks?
I think DShield does this, as part of SANS
 
1 members found this post helpful.
Old 10-22-2010, 11:42 AM   #11
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Original Poster
Rep: Reputation: 39
That was helpful.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
can't restrict sshd access through hosts.allow and hosts.deny but was working earlier farhan Linux - Security 4 04-18-2008 07:41 AM
Feisty: hosts.allow hosts.deny not present Thane Ubuntu 1 07-08-2007 01:16 PM
/etc/hosts.deny/hosts.allow have no effect on sshd access bganesh Linux - Security 4 05-04-2006 08:06 PM
hosts.allow & hosts.deny question... jonc Linux - Security 9 03-05-2005 09:41 PM
Adding shell commands to hosts.deny and hosts.allow ridertech Linux - Security 3 12-29-2003 03:52 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration