From owner-freebsd-security  Sun Mar 18 15: 0:52 2001
Delivered-To: freebsd-security@freebsd.org
Received: from lariat.org (lariat.org [12.23.109.2])
	by hub.freebsd.org (Postfix) with ESMTP id BFB9C37B719
	for <security@FreeBSD.ORG>; Sun, 18 Mar 2001 15:00:46 -0800 (PST)
	(envelope-from brett@lariat.org)
Received: from mustang.lariat.org (IDENT:ppp0.lariat.org@lariat.org [12.23.109.2])
	by lariat.org (8.9.3/8.9.3) with ESMTP id QAA02619;
	Sun, 18 Mar 2001 16:00:34 -0700 (MST)
Message-Id: <4.3.2.7.2.20010318155909.00e21530@localhost>
X-Sender: brett@localhost
X-Mailer: QUALCOMM Windows Eudora Version 4.3.2
Date: Sun, 18 Mar 2001 16:00:19 -0700
To: marouni@earlham.edu,
	"security FreeBSD.ORG" <security@FreeBSD.ORG>
From: Brett Glass <brett@lariat.org>
Subject: Re: Blocking an IP addrress
In-Reply-To: <3AB52B88.A09A4003@earlham.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Why not add a blackhole host route to that IP?

--Brett

At 02:41 PM 3/18/2001, Nicholas Marouf wrote:
  
>Greetings,
>    We've been getting many sendmail connections from 199.45.164.216 and
>is causing sendmail to stop.  This looks like a DOS however the admin of
>that server says that sendmail on their side is sending mail out in
>bacthes, and that they are taking a look into it.
>
>But either way we would like to block it.
>
>I've added deny all in hosts.allow for that ip
>Also added in the access file REJECT for that ip address.
>
>Those two still do not make a difference since connections keep on
>opening up.
>
>I've been trying to get ipfw to block it. but I get this error message.
>Any advice would be much appreciated.
>
>su-2.04# ps ax | grep sendmail
>16180  ??  Ss     0:00.02 sendmail: accepting connections (sendmail)
>16250  ??  S      0:00.03 sendmail: startup with 199.45.164.216
>(sendmail)
>16337  ??  I      0:00.00 sendmail: startup with 199.45.164.216
>(sendmail)
>16344  p2  R+     0:00.00 grep sendmail
>
>
>Thanks again..
>
>Nick
>
>
>--
>Nicholas Marouf || Student System Administrator
>http://www.ramallahonline.com
>
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message