From owner-freebsd-questions@FreeBSD.ORG Sat Mar 5 00:30:39 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1F66B1065676 for ; Sat, 5 Mar 2011 00:30:39 +0000 (UTC) (envelope-from outbackdingo@gmail.com) Received: from mail-ew0-f54.google.com (mail-ew0-f54.google.com [209.85.215.54]) by mx1.freebsd.org (Postfix) with ESMTP id 9BA988FC12 for ; Sat, 5 Mar 2011 00:30:38 +0000 (UTC) Received: by ewy28 with SMTP id 28so911088ewy.13 for ; Fri, 04 Mar 2011 16:30:37 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=Tuf7DFBtT/eLxZnQKg/773FmYVPHCVAJ8O2B3yuNSm0=; b=juOyqX4LsetsF4y7NIooEnDCNBEghlmTUFhXznxkw4HQxfgMT9VrahI+idlqj/c5rR urvobRYzyS8K8xAWMy9rq1xJOYbUxZbz5JSRcixBcySm+lp+dclrU3u+42mrba+G3y04 W1enr0ZRhnJy6BGC9s6/s8WmWnI8zvTDagd0M= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; b=b0sJ304GnZecj6fqYAgbUdEX1nNuYVcJW0xJYAmf/0JPX39EadDCgLbro4FRclZNbE mi/ZtmgCbhXXqOWr39Og9zn/bZydZ2WaZ0Q+rAdArzNmp7c62Ac2qhnyxxXmnmND5SO9 JpojY00ahMWi1vQXmEDN+Klazg6tWsGBwdOyk= MIME-Version: 1.0 Received: by 10.14.134.15 with SMTP id r15mr886989eei.30.1299285037254; Fri, 04 Mar 2011 16:30:37 -0800 (PST) Received: by 10.14.48.75 with HTTP; Fri, 4 Mar 2011 16:30:37 -0800 (PST) In-Reply-To: References: <3382016411-764985335@intranet.com.mx> <11805_1299196962_4D702C22_11805_70_1_D9B37353831173459FDAA836D3B43499BD354A48@WADPMBXV0.waddell.com> Date: Fri, 4 Mar 2011 19:30:37 -0500 Message-ID: From: Outback Dingo To: Patrick Gibson Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: Jorge Biquez , Gary Gatten , "freebsd-questions@freebsd.org" Subject: Re: Simplest way to deny access to a class C X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Mar 2011 00:30:39 -0000 On Fri, Mar 4, 2011 at 7:14 PM, Patrick Gibson wrote: > fail2ban by default only bans an IP for 10 minutes, and that's > configurable. It can also email you anytime it imposes a ban, so one > can keep an eye on things at least in the beginning to see if it's > causing a problem for legitimate users. > > On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten wrote: > > Be careful of automated responses. What if someone spoofs IP's of legit > users / customers / whatever and your automated response blocks them? Not > good. > > > > I thought about blocking....well, never mind - might pi$$ someone off and > attract unwanted attention... > > > > -----Original Message----- > > From: owner-freebsd-questions@freebsd.org [mailto: > owner-freebsd-questions@freebsd.org] On Behalf Of Patrick Gibson > > Sent: Thursday, March 03, 2011 5:58 PM > > To: Jorge Biquez > > Cc: freebsd-questions@freebsd.org > > Subject: Re: Simplest way to deny access to a class C > > > > You might consider mod_security (/usr/ports/www/mod_security) which > > can be set up to ban hosts based on behaviour or characteristics. > > > > Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in > > that it scans whatever logs you want, and can trigger a block in your > > firewall if enough violating log entries are found within a particular > > period of time. Everything is totally configurable, and there are > > plenty of examples that come with it. > > > > Patrick > > > > > > On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez > wrote: > >> Hello all. > >> > >> I am sorry in advance if this question sounds too stupid. > >> > >> I have a small server for personal use of webpages running: > >> > >> 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0 > >> > >> it is working fine , no problem very stable. > >> > >> I just need to block some IP class C address that are always trying to > >> "discover" directories or applications under the web server. They do not > do > >> and can not do anything since this server has nothing installed but i am > >> tired of seeing in the logs all the intents they do every 2-3 seconds. > >> > >> I have not installed any kind of firewall yet. > >> What do you think is the best way to accomplish this task? If possible > the > >> easiest one. I do not want to do anything else but just bloc IP's, at > this > >> moment at least. > I wonder why nobodies mentioned a quite simple method with tcpwrappers and hosts.allow / hosts.deny also > >> > >> Thanks in advance. > >> > >> Jorge Biquez > >> > >> _______________________________________________ > >> freebsd-questions@freebsd.org mailing list > >> http://lists.freebsd.org/mailman/listinfo/freebsd-questions > >> To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > >> > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > > > > > > > > > > > > > >
> >
> > "This email is intended to be reviewed by only the intended recipient > > and may contain information that is privileged and/or confidential. > > If you are not the intended recipient, you are hereby notified that > > any review, use, dissemination, disclosure or copying of this email > > and its attachments, if any, is strictly prohibited. If you have > > received this email in error, please immediately notify the sender by > > return email and delete this email from your system." > > > > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >