ahhh of course, parses the whole syslog each time, didn't think of that, 
thanks 
On 14/06/2010, at 1:01 PM, Lonnie Abelbeck wrote:

> Guy,
> 
> Your solution will only work for a minute or two, until the syslog is 
> re-examined and re-adds the banned host.
> 
> I suppose you could edit the /var/log/messages file and remove the unwanted 
> logs containing the valid IP address, but that is a little hackish.
> 
> Lonnie
> 
> 
> On Jun 13, 2010, at 9:49 PM, Guy Neale wrote:
> 
>> you could also do this to unban a banned IP
>> 
>> ssh or login to your AstLinux
>> 
>> type the following command to view banned IP's "iptables -L 
>> ADAPTIVE_BAN_CHAIN"
>> 
>> Count the line number to the IP address you wish to unban (see example 
>> below), e.g. in my example I want to unban 124.8.0.xxx, which is on LINE 3
>> 
>> "iptables -D ADAPTIVE_BAN_CHAIN 3" deletes line 3 from being banned. If I 
>> wanted to unban 120.153.196.yyy (on LINE 4), I'd enter "iptables -D 
>> ADAPTIVE_BAN_CHAIN 4"
>> 
>> 
>> Example
>> Chain ADAPTIVE_BAN_CHAIN (2 references)
>> target     prot opt source               destination         
>> RETURN     all  --  10.8.0.0/24          anywhere            
>> RETURN     all  --  10.8.1.0/24          anywhere            
>> ADAPTIVE_BAN_DROP_CHAIN  all  --  124.8.0.xxx           anywhere            
>> ADAPTIVE_BAN_DROP_CHAIN  all  --  120.153.196.yyy      anywhere 
>> 
>> Guy
>> 
>> On 14/06/2010, at 12:22 PM, Lonnie Abelbeck wrote:
>> 
>>> 
>>> On Jun 13, 2010, at 7:27 PM, d...@ryson.org wrote:
>>> 
>>>> Hello all.  
>>>> 
>>>> I have good news; bad news; and a question... 
>>>> 
>>>> Here's the good news:  Adaptive Ban has proved very effective at killing 
>>>> break-in attempts from bad-guys.
>>>> 
>>>> The bad news is:  One of our off-site users tried to re-install a 
>>>> soft-phone on his laptop.  The user knew his new host address and username 
>>>> but not the secret.  Amazingly, the user repeatedly tried to register, 
>>>> which resulted in his dynamic IP address quickly being banned.
>>>> 
>>>> As you've likely guessed by now, the question is:  What's the best 
>>>> procedure for un-banning a host?  For now, I've just added the IP address 
>>>> to ADAPTIVE_BAN_WHITELIST, which seems to work.  Is there a better way?
>>>> 
>>>> I'd appreciate your thoughts.  
>>>> 
>>>> Dan
>>> 
>>> Adding a valid external user's IP address to the ADAPTIVE_BAN_WHITELIST is 
>>> the best approach, as you have done.
>>> 
>>> When the AstLinux box is rebooted, the RAM based syslog file will be 
>>> cleared and the valid user's dynamic IP will no longer be needed in the 
>>> whitelist, but does no harm.
>>> 
>>> Lonnie
>>> 
>>> 
>>> ------------------------------------------------------------------------------
>>> ThinkGeek and WIRED's GeekDad team up for the Ultimate 
>>> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
>>> lucky parental unit.  See the prize list and enter to win: 
>>> http://p.sf.net/sfu/thinkgeek-promo
>>> _______________________________________________
>>> Astlinux-users mailing list
>>> Astlinux-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>>> 
>>> Donations to support AstLinux are graciously accepted via PayPal to 
>>> pay...@krisk.org.
>>> 
>>> 
>> 
> 
> 
> 
> 



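An added example, not part of the original thread and not AstLinux's own code: it finds the ban rules for an address by parsing the chain listing instead of counting lines by hand, and counts the syslog entries that would cause the re-ban described in the thread. It assumes the listing comes from `iptables -L ADAPTIVE_BAN_CHAIN -n --line-numbers`; the sample listing, log lines and addresses are constructed, and `ban_rule_numbers`, `log_mentions` and `unban_now` are hypothetical helper names.

```shell
#!/bin/sh
# Added example; all sample data below is constructed.

# Rule numbers in ADAPTIVE_BAN_CHAIN that drop traffic from $1, highest first.
# Reads `iptables -L ADAPTIVE_BAN_CHAIN -n --line-numbers` output on stdin.
# Highest first matters: deleting rule 3 renumbers the old rule 4 to 3.
# RETURN rules (whitelist entries) are never selected.
ban_rule_numbers() {
    awk -v ip="$1" '
        $2 == "ADAPTIVE_BAN_DROP_CHAIN" && $5 == ip {
            out = $1 (out == "" ? "" : " " out)
        }
        END { if (out != "") print out }'
}

# Number of syslog lines on stdin that still mention $1 as a whole token.
# While this is non-zero, the next log scan re-adds the ban.
log_mentions() {
    grep -cFw -- "$1" || true
}

# Delete the live rules for $1 (needs root on the box). Not run by the demo.
unban_now() {
    for n in $(iptables -L ADAPTIVE_BAN_CHAIN -n --line-numbers | ban_rule_numbers "$1"); do
        iptables -D ADAPTIVE_BAN_CHAIN "$n"
    done
}

SAMPLE_LISTING='Chain ADAPTIVE_BAN_CHAIN (2 references)
num  target     prot opt source               destination
1    RETURN     all  --  10.8.0.0/24          0.0.0.0/0
2    RETURN     all  --  10.8.1.0/24          0.0.0.0/0
3    ADAPTIVE_BAN_DROP_CHAIN  all  --  192.0.2.10           0.0.0.0/0
4    ADAPTIVE_BAN_DROP_CHAIN  all  --  198.51.100.7         0.0.0.0/0
5    ADAPTIVE_BAN_DROP_CHAIN  all  --  192.0.2.10           0.0.0.0/0'

SAMPLE_LOG="Jun 14 12:01:07 pbx asterisk: Registration from '<sip:201@pbx>' failed for '192.0.2.10' - Wrong password
Jun 14 12:01:09 pbx asterisk: Registration from '<sip:201@pbx>' failed for '192.0.2.10' - Wrong password
Jun 14 12:02:30 pbx asterisk: Registration from '<sip:305@pbx>' failed for '192.0.2.100' - Wrong password"

ip=192.0.2.10
rules=$(printf '%s\n' "$SAMPLE_LISTING" | ban_rule_numbers "$ip")
hits=$(printf '%s\n' "$SAMPLE_LOG" | log_mentions "$ip")
printf 'rules to delete for %s (in this order): %s\n' "$ip" "$rules"
printf 'log lines that would re-ban it: %s\n' "$hits"
[ "$hits" -eq 0 ] || printf 'add %s to ADAPTIVE_BAN_WHITELIST before deleting\n' "$ip"
```

On a live box the second check would be fed `/var/log/messages`, the file named in the thread.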