Lyvim Xaphir wrote: > On Fri, 2002-06-28 at 13:15, daRcmaTTeR wrote: > > >>what I do with them when I get their IP address I put it in the >>/etc/hosts.deny file and they never get a second chance at my server. I >>make two entries for the one. > > > Whew...I run Portsentry and the /etc/hosts.deny gets updated > automatically, and at machine speeds. It also gives them a cute message > on the port they're scanning before they get locked out. I.E: > > PORT_BANNER="** UNAUTHORIZED ACCESS PROHIBITED *** YOUR CONNECTION > ATTEMPT HAS BEEN LOGGED. GO AWAY." > > > After that the scan attempt is saved to logfile, which I eventually keep > on CD. > > Legit services arent affected. > > > >> 1) 61.56.8.254 >> 2) 61.56.8.0 >> >>the second entry is that in case they're using a dialup and the last octet >>changes then they're not getting back in cause that entire subnet is being >>blocked. >> >>-- >>daRmaTTeR > > > HTH, LX
yeah...my machine works the same way on "scan attempts" however I don't have unauthorized ftp server attempts automated that way. I like to know about those and if I automate that process sooner or later I'd forget about it even happening and I might get lazy and sloppy and then...well, bad things happen when people get lazy and sloppy, ya know? -- daRcmaTTeR ---------- Registered Linux User 182496
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
