On Sat, 18 Jan 2003 18:43:54 -0500 Mark Weaver <[EMAIL PROTECTED]> wrote:
> Ralph,
>
> That's something I've not yet done. Just exactly how does one do that
> to an incoming connection. I'd be real interested to learn.
>
> --
> Mark

Well, I use portsentry (http://www.psionic.com/products/portsentry.html), which basically watches the incoming connections, and if certain ports are accessed, then it drops all connections (on any port) from that IP. Give it a try, as it works great.

I am presuming here you use iptables for your firewall? Whether you use firestarter or have an iptables script it doesn't matter, portsentry overrides it all with a block. The idea behind it is to block hackers, like when they portscan you to check what's open, or trojans from spreading info / data.

I have a script that sends me an email with every attack. Actually while I'm writing this, I just got another attempt, but this one is from Canada (yeah, who is it?!?):

Date: Sun, 19 Jan 2003 00:49:35 +0100 (CET)
Portscan on 635 detected from 216.208.52.104
Blocking all connections from host

Log History
===========
Jan 19 00:49:33 axljab portsentry[25540]: attackalert: Connect from host: HSE-Kitchener-ppp78693.sympatico.ca/216.208.52.104 to TCP port: 635
Jan 19 00:49:33 axljab portsentry[25540]: attackalert: Host 216.208.52.104 has been blocked via wrappers with string: "ALL: 216.208.52.104"
Jan 19 00:49:33 axljab portsentry[25540]: attackalert: Host 216.208.52.104 has been blocked via dropped route using command: "/sbin/iptables -I INPUT -s 216.208.52.104 -j DROP"

Whois Report:
=============
OrgName: Bell Canada
OrgID: LINX
NetRange: 216.208.0.0 - 216.209.255.255
CIDR: 216.208.0.0/15
NetName: BELLCANADA-4
NetHandle: NET-216-208-0-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS3.BELLGLOBAL.COM
NameServer: NS4.BELLGLOBAL.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1999-03-12
Updated: 1999-09-10
TechHandle: PD135-ARIN
TechName: Daoust, Philippe
TechPhone: +1-800-450-7771
TechEmail: [EMAIL PROTECTED]
OrgTechHandle: SYSAD1-ARIN
OrgTechName: Sys Admin
OrgTechPhone: +1-613-785-0886
OrgTechEmail: [EMAIL PROTECTED]

Hope this helps
Ralph
--
http://tuxpower.f2g.net/
http://axljab.homelinux.org:8080/
"I have opinions of my own, strong opinions, but I don't always agree with them." - George H. W. Bush
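
Added example, not part of Ralph's message and not his mail script: Python that reads portsentry attackalert lines in the format quoted above, keys every event on the validated IP address (the name before the slash comes from reverse DNS, which the remote side controls), and lists hosts that probed a port without both the wrappers and the iptables block being logged. The function names are this example's own, and only the line formats shown in the message are assumed.

```python
import ipaddress
import re

# Constructed sample input: the three portsentry lines quoted in the message.
SAMPLE_LOG = """\
Jan 19 00:49:33 axljab portsentry[25540]: attackalert: Connect from host: HSE-Kitchener-ppp78693.sympatico.ca/216.208.52.104 to TCP port: 635
Jan 19 00:49:33 axljab portsentry[25540]: attackalert: Host 216.208.52.104 has been blocked via wrappers with string: "ALL: 216.208.52.104"
Jan 19 00:49:33 axljab portsentry[25540]: attackalert: Host 216.208.52.104 has been blocked via dropped route using command: "/sbin/iptables -I INPUT -s 216.208.52.104 -j DROP"
"""

# Assumption: only the line formats quoted in the message are handled.
CONNECT = re.compile(r"attackalert: Connect from host: (\S*)/(\S+) to (\w+) port: (\d+)")
BLOCKED = re.compile(r"attackalert: Host (\S+) has been blocked via (wrappers|dropped route)\b")
EXPECTED_BLOCKS = {"wrappers", "dropped route"}

def valid_ip(text):
    """True only for a literal IP address; the rest of the line is untrusted."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def summarize(log_text):
    """Return {ip: {"rdns", "ports", "blocks"}} keyed on the validated IP."""
    hosts = {}
    for line in log_text.splitlines():
        if " portsentry[" not in line:
            continue
        connect, blocked = CONNECT.search(line), BLOCKED.search(line)
        ip = connect.group(2) if connect else blocked.group(1) if blocked else None
        if ip is None or not valid_ip(ip):
            continue  # never act on a field that is not a literal address
        entry = hosts.setdefault(ip, {"rdns": None, "ports": set(), "blocks": set()})
        if connect:
            # Reverse-DNS name is recorded for display only, never used as a key.
            entry["rdns"] = connect.group(1)
            entry["ports"].add((connect.group(3), int(connect.group(4))))
        else:
            entry["blocks"].add(blocked.group(2))
    return hosts

def missing_blocks(hosts):
    """IPs that probed a port but lack one of the two block lines shown above."""
    return sorted(ip for ip, e in hosts.items()
                  if e["ports"] and e["blocks"] != EXPECTED_BLOCKS)

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print(summary, "not fully blocked:", missing_blocks(summary))
```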