Date:      Sun, 11 Jun 2006 11:14:03 -0400
From:      "fbsd" <fbsd@a1poweruser.com>
To:        "Dan Mahoney, System Admin" <danm@prime.gushi.org>
Cc:        questions@freebsd.org
Subject:   RE: Deny large number of IPs via ipfw
Message-ID:  <MIEPLLIBMLEEABPDBIEGEEFDHIAA.fbsd@a1poweruser.com>
In-Reply-To: <20060611103434.S1979@prime.gushi.org>

This is still wasted busy work. There are much simpler ways to stop
ssh false login attempts and garbage to website guest books.

In ipfw use the rule limit option, or change the port number ssh uses and
only give your ssh port number to your user group. And for all
websites add a noise image to stop robots from auto entering
garbage.  You should use the correct tools instead of some overkill
method.
3 million ip table entries is plain stupid. I fired my system admin
when I caught him trying to do the same stupid thing.

-----Original Message-----
From: Dan Mahoney, System Admin [mailto:danm@prime.gushi.org]
Sent: Sunday, June 11, 2006 10:43 AM
To: fbsd
Cc: questions@freebsd.org
Subject: RE: Deny large number of IPs via ipfw


On Sun, 11 Jun 2006, fbsd wrote:

> Using such a list of ip addresses from a major rbl is flawed at the
> core of the idea.
> Over 85% of those 3 million ip addresses are spoofed in the first
> place.
> Most are what would be called false positives.
>
> Reread the info at the source cbl.abuseat.org it says the data is
> not intended to be used the way you are trying to use it.

All it says is: "We're getting a lot of reports of spurious blocking
caused by sites using the CBL to block authenticated access to
smarthosts / outgoing mail servers. THE CBL is only designed to be used
on INCOMING mail, i.e. on the hosts that your MX records point to."

Which I take to mean, yeah, if you're using it on sendmail, you allow
SMTP AUTH to override blacklists (this is the case by default.)

Whereas my intention would be to use it to block ports such as 80 and 22.
Every system I've found trying to brute-force SSH on my box has already
been in this database, and by using mod_access_rbl for apache I was able
to catch and block a dozen or so attempts to post spammish content to
guestbooks and the like (but I'd like to do this without the overhead of
apache DNS lookups).

Thanks for your input, though.

-Dan

>
> You really need to rethink what you are doing.
>
>
>
>
> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Dan
> Mahoney,
> System Admin
> Sent: Sunday, June 11, 2006 8:36 AM
> To: questions@freebsd.org
> Subject: Deny large number of IPs via ipfw
>
>
> Hey all,
>
> I've got a file that I just synced from a major RBL, and I'd like to
> just use it to globally deny access to my system.  Is there an easy way
> to do this within ipfw -- the file is about 3 *million* lines, and is
> from cbl.abuseat.org.
>
> -Dan
>
> --
>
> "SOY BOMB!"
>
> -The Chest of the nameless streaker of the 1998 Grammy Awards' Bob
> Dylan
> Performance.
>
> --------Dan Mahoney--------
> Techie,  Sysadmin,  WebGeek
> Gushi on efnet/undernet IRC
> ICQ: 13735144   AIM: LarpGM
> Site:  http://www.gushi.org
> ---------------------------
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>

--

"I am a professional drinker, and I know that that was NOT Jose Cuervo!"

"Well, what was it then?"

"I think it was some mixture of Rubbing Alcohol, and Desenex(TM) Foot
Powder, because my feet feel okay, and my back doesn't hurt, but my
stomach is killing me!"

-Dan Mahoney, Costa Rica, August 12th, 1994

--------Dan Mahoney--------
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---------------------------
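The thread leaves two concrete ipfw techniques unshown: loading a large address list into an ipfw table (the radix-tree lookup that makes Dan's 3-million-line file workable at all, as opposed to 3 million individual rules) and the per-source `limit` rule fbsd recommends for ssh. The script below is an added example written for this page, not code from either poster. It turns a CBL-style dump into an ipfw(8) batch file that can be fed to `ipfw -q <file>`: it parses one address or CIDR per line, collapses adjacent /32s into prefixes so the table shrinks, and emits the table load plus a deny rule for ports 22 and 80 and a `check-state`/`limit src-addr` pair for ssh. The table number (1), rule numbers (90/100/110), the port list and the connection cap of 4 are assumptions chosen for illustration, and the sample list is constructed; the false-positive caveat fbsd raises still applies to whatever list is loaded.

```python
"""Build an ipfw(8) batch file from a CBL-style IPv4 list.

Added example for this thread; not the posters' code.  Assumptions:
ipfw table number 1, rule numbers 90/100/110, blocked ports 22 and 80,
and an input format of one IPv4 address or CIDR per line with '#'
comments.  Load the output with:  ipfw -q /etc/ipfw.cbl
"""
import ipaddress
from typing import Iterable, List, Sequence

# Constructed sample of the kind of dump Dan describes (a few lines, not 3M).
# Includes duplicates, a CIDR that already covers some /32s, and a junk line.
SAMPLE_LIST = """\
# cbl-style dump, one address per line
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.0/30
198.51.100.77
not-an-address
198.51.100.77
"""


def parse_addresses(text: str) -> List[ipaddress.IPv4Network]:
    """Parse one address/CIDR per line; comments and junk lines are skipped."""
    nets: List[ipaddress.IPv4Network] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False tolerates host bits set in a CIDR entry.
            nets.append(ipaddress.IPv4Network(line, strict=False))
        except ValueError:
            continue  # one bad line must not abort a multi-million-line load
    return nets


def collapse(nets: Iterable[ipaddress.IPv4Network]) -> List[ipaddress.IPv4Network]:
    """Deduplicate and merge adjacent/contained prefixes (fewer table entries)."""
    return list(ipaddress.collapse_addresses(nets))


def ipfw_batch(nets: Sequence[ipaddress.IPv4Network], table: int = 1,
               ports: Sequence[int] = (22, 80), ssh_limit: int = 4) -> str:
    """Emit ipfw batch-file lines (no leading 'ipfw'; read with `ipfw -q FILE`)."""
    lines = [f"table {table} flush"]
    # Table lookups are radix-tree based, so table size does not add a
    # per-rule linear cost the way 3 million separate deny rules would.
    lines += [f"table {table} add {n.with_prefixlen}" for n in nets]
    port_list = ",".join(str(p) for p in ports)
    # check-state must precede the limit rule so that packets of an
    # already-admitted ssh session match their dynamic rule.
    lines.append("add 90 check-state")
    lines.append(f"add 100 deny tcp from table({table}) to me {port_list}")
    # fbsd's suggestion: cap concurrent ssh connections per source address.
    lines.append(f"add 110 allow tcp from any to me 22 setup limit src-addr {ssh_limit}")
    return "\n".join(lines) + "\n"


def build_from_text(text: str) -> str:
    """Full pipeline: list text -> collapsed prefixes -> ipfw batch file."""
    return ipfw_batch(collapse(parse_addresses(text)))


if __name__ == "__main__":
    print(build_from_text(SAMPLE_LIST), end="")
```

On the constructed sample the six parsed entries collapse to two table entries (`192.0.2.0/30` and `198.51.100.77/32`). On a real dump, write the output to a file and load it with `ipfw -q` rather than invoking `ipfw` once per line; the `table N flush` at the top makes the reload idempotent.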