adrian wrote: >On Sundayen den 5 May 2002 20.33, you wrote: > >>I have ipchains firewall offending >>adresses. >> >>There is one address, I don't understand, >>HOW it can still hit my server. >> >>The address is 65.192.156.2 >> >>This is *impossible*!!! >> >>No address can hit your server >>if you have them ipchained out! >> >>Is there something wrong with >>ipchains? >> >>__________________________________________________ >>Do You Yahoo!? >>Yahoo! Health - your guide to health and wellness >>http://health.yahoo.com >> >Can anyone help me configure Ipchains? i read the man pages but i still cant >understand how to do it please > > >------------------------------------------------------------------------ > >Want to buy your Pack or Services from MandrakeSoft? >Go to http://www.mandrakestore.com >
It depends on distro how you do this, and more recent distros do not have ipchains but rather iptables. You can do this two ways... Method 1: iptables -A input -s 65.192.156.2 DROP or iptables -A input -s 65.182.156.2 REJECT The reject sends the packet back marked as a reject, the drop just drops it and lets the other end timeout before it does something else. But the packets will continue to hit, just get dropped or rejected. If you search about Code Red and Nimda on Google, you will probably run across a script that sends a shutdown to the IIS server trying to send you all the packets. It may be considered a hostile attack to do that, but then what are the packets in the first place? At least the shutdown script will drive the sysadmin at the other end to investigate why he's being shut down. Civileme
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com