On Fri, 2002-06-28 at 13:15, daRcmaTTeR wrote: > what I do with them when I get their IP address I put it in the > /etc/hosts.deny file and they never get a second chance at my server. I > make two entries for the one.
Whew...I run Portsentry and the /etc/hosts.deny gets updated automatically, and at machine speeds. It also gives them a cute message on the port they're scanning before they get locked out. I.E: PORT_BANNER="** UNAUTHORIZED ACCESS PROHIBITED *** YOUR CONNECTION ATTEMPT HAS BEEN LOGGED. GO AWAY." After that the scan attempt is saved to logfile, which I eventually keep on CD. Legit services arent affected. > 1) 61.56.8.254 > 2) 61.56.8.0 > > the second entry is that in case they're using a dialup and the last octet > changes then they're not getting back in cause that entire subnet is being > blocked. > > -- > daRmaTTeR HTH, LX -- ��������������������������������������������������� Kernel 2.4.18-6mdk Mandrake Linux 8.2 Enlightenment 0.16.5-11mdk Evolution 1.0.2-5mdk Registered Linux User #268899 http://counter.li.org/ ���������������������������������������������������
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
