Re: how to block everything from an entire /24

2001-04-18 Thread Chris Wagner
The better way is to block it at the router. Once you figure it out, blocking subnets is trivial and much more resource effective than having your firewall do it. Read your router's documentation about ACLs, access control lists. At 08:37 AM 4/16/01 -0400, Peter Billson wrote: > You need to *qu

Re: how to block everything from an entire /24

2001-04-16 Thread Peter Billson
Haim Dimermanas wrote: > This raises a question in my mind. There is a database of known spam > relays (the RBL). I was wondering if the same kind of database is > available for known "black hats" ip blocks. There is the attack registry at http://aris.securityfocus.com/ Basically Network secur

Re: how to block everything from an entire /24

2001-04-16 Thread Peter Billson
Haim Dimermanas wrote: > > > > and also, how do i block out everything coming from 203.167.117.0/24? > > ipchains -A input -i eth0 -s 203.167.117.0/24 -j DENY -l > > ipchains -A output -i eth0 -d 203.167.117.0/24 -j DENY -l > > Pete, > > He says "coming from". Are you sure about the second

Re: how to block everything from an entire /24

2001-04-16 Thread Peter Billson
Your firewall (ipchains) is denying packets. This line shows packets coming in to the machine over eth0 from 203.167.117.88 on port 1053 (an unprivileged port) destined for 209.61.158.13, port 80 (WWW). This would be a normal http connection if you are running a web server on 209.61.158.13 and eth0
