From: "Robison, Dave"
Date: Fri, 04 Mar 2011 16:27:09 -0800
To: freebsd-questions@freebsd.org
Subject: Re: Simplest way to deny access to a class C
Message-ID: <4D71835D.3020007@fisglobal.com>

Check out portsentry perhaps? I used to use it quite a bit. Whenever someone would hit one of a number of defined ports, I'd automatically add a rule denying them in IPFW and also drop their route to a non-existent IP on my class C.

On 03/04/11 16:14, Patrick Gibson wrote:
> fail2ban by default only bans an IP for 10 minutes, and that's
> configurable. It can also email you anytime it imposes a ban, so one
> can keep an eye on things at least in the beginning to see if it's
> causing a problem for legitimate users.
>
> On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten wrote:
>> Be careful of automated responses. What if someone spoofs IP's of legit users / customers / whatever and your automated response blocks them? Not good.
>>
>> I thought about blocking....well, never mind - might pi$$ someone off and attract unwanted attention...
>>
>> -----Original Message-----
>> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Patrick Gibson
>> Sent: Thursday, March 03, 2011 5:58 PM
>> To: Jorge Biquez
>> Cc: freebsd-questions@freebsd.org
>> Subject: Re: Simplest way to deny access to a class C
>>
>> You might consider mod_security (/usr/ports/www/mod_security) which
>> can be set up to ban hosts based on behaviour or characteristics.
>>
>> Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in
>> that it scans whatever logs you want, and can trigger a block in your
>> firewall if enough violating log entries are found within a particular
>> period of time. Everything is totally configurable, and there are
>> plenty of examples that come with it.
>>
>> Patrick
>>
>>
>> On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez wrote:
>>> Hello all.
>>>
>>> I am sorry in advance if this question sounds too stupid.
>>>
>>> I have a small server for personal use of webpages running:
>>>
>>> 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0
>>>
>>> it is working fine, no problem, very stable.
>>>
>>> I just need to block some IP class C addresses that are always trying to
>>> "discover" directories or applications under the web server. They do not do
>>> and can not do anything since this server has nothing installed but I am
>>> tired of seeing in the logs all the intents they do every 2-3 seconds.
>>>
>>> I have not installed any kind of firewall yet.
>>> What do you think is the best way to accomplish this task? If possible the
>>> easiest one. I do not want to do anything else but just block IPs, at this
>>> moment at least.
>>>
>>> Thanks in advance.
>>>
>>> Jorge Biquez
>>>
>>> _______________________________________________
>>> freebsd-questions@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

--
Dave Robison
Sales Solution Architect II
FIS Banking Solutions
510/621-2089 (w)
530/518-5194 (c)
510/621-2020 (f)
daver@vicor.com
david.robison@fisglobal.com
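
The approach discussed in this thread, as an added example that is not part of any message above and is not fail2ban's or portsentry's code: count 404 responses per /24 ("class C") inside a time window, skip allowlisted networks so legitimate users are never blocked automatically, and render IPFW deny rules as text for review. The log lines, thresholds and function names are constructed for illustration, and the log is assumed to be in Apache common log format in chronological order.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Mar/2011:08:59:01 -0600] "GET /phpmyadmin/ HTTP/1.1" 404 209
203.0.113.9 - - [03/Mar/2011:08:59:03 -0600] "GET /admin/ HTTP/1.1" 404 209
203.0.113.7 - - [03/Mar/2011:08:59:06 -0600] "GET /wp-login.php HTTP/1.1" 404 209
198.51.100.20 - - [03/Mar/2011:08:59:07 -0600] "GET /index.html HTTP/1.1" 200 1043
192.0.2.15 - - [03/Mar/2011:08:59:08 -0600] "GET /old/ HTTP/1.1" 404 209
192.0.2.15 - - [03/Mar/2011:08:59:09 -0600] "GET /old2/ HTTP/1.1" 404 209
192.0.2.15 - - [03/Mar/2011:08:59:10 -0600] "GET /old3/ HTTP/1.1" 404 209
198.51.100.20 - - [03/Mar/2011:09:30:00 -0600] "GET /missing HTTP/1.1" 404 209
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def networks_to_block(log_text, max_hits=3, window=timedelta(minutes=10), allow=()):
    """Return the /24 networks with >= max_hits 404s inside the window."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    recent = defaultdict(deque)  # /24 network -> timestamps of recent 404s
    flagged = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != "404":
            continue
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # hostname or IPv6 client: out of scope for this example
        if any(addr in n for n in allowed):
            continue  # never auto-block networks known to hold legitimate users
        net = ipaddress.ip_network(f"{addr}/24", strict=False)
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[net]
        hits.append(when)
        while when - hits[0] > window:  # drop hits older than the window
            hits.popleft()
        if len(hits) >= max_hits and net not in flagged:
            flagged.append(net)
    return flagged

def ipfw_rules(networks):
    """Render deny rules as text for an operator to review; nothing is executed."""
    return [f"ipfw add deny ip from {n} to any" for n in networks]

if __name__ == "__main__":
    for rule in ipfw_rules(networks_to_block(SAMPLE_LOG, allow=["192.0.2.0/24"])):
        print(rule)
```

Counting per /24 rather than per address catches scanners that rotate hosts within one block, at the cost of a wider ban, which is why the allowlist is checked before any hit is counted.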