From: AT Matik
Organization: Infomatik
To: freebsd-ipfw@freebsd.org
Date: Mon, 3 Oct 2005 23:03:47 -0300
References: <200510031816.26658.nb_root@videotron.ca> <200510040115.j941FmTm040763@banyan.cs.ait.ac.th>
In-Reply-To: <200510040115.j941FmTm040763@banyan.cs.ait.ac.th>
Message-Id: <200510032303.47805.asstec@matik.com.br>
Subject: Re: Automatically add attacks to deny list?

On Monday 03 October 2005 22:15, Olivier Nicole wrote:
> > Whenever someone tries a portscan or http server vulnerability scan on
> > my system, I have to manually add their ip in my /etc/ipfw.conf file
> > such as: add 100 deny all from xx.xxx.xxx.xxx to any
> >

so why would you do that at all?

you have time left, ok, valid ..

first, without careful analysis you may not have the real IP in your logs

second, why block the IP, you do not know if you really block "the guy"

third, why block him at all, you tell him, I fear you and you had success, go on fucking me ... )))

fourth, if your server does not stand a scan then you better stay at home playing mahjong (((

fifth, you better let the attacker get to your website to buy the things you sell there, only stupid people close the door of their shop ...

but probably you dug big holes already at the entrance of your street so that nobody can pass through anymore ;)

but hopefully yo

hint: best and cheapest firewall ever is cutting the wire :)

João