Re: Question about blocking IP's

---

• From: "yas_chan" <nestor_kun@xxxxxxxxxxx>
• Date: 30 Dec 2005 14:23:40 -0800

---

Thanks Robert for wonderful info. I believe my computer is configured
to use hosts.deny file. I have portsentry running and also in my
/var/log/messages there are lines like

Host 172.88.88.88 has been blocked via wrappers with string: "All:
172.88.88.88"

Do you think so?

Also in my var/log/messages there are lines like:

Attackalert: TCP/SYN/Normal scan from host: xx.xx.xx.xx to TCP port:
143
Attackalert: host: xx.xx.xx.xx has been blocked via dropped route using
command:
"/usr/local/bin/iptables -I INPUT -s xx.xx.xx -j DROP"

Also the hosts.deny file seems growing larger in time. Does portsentry
add the IP addresses to hosts.deny file? Please explain a little the
basics.

Thank you!

.

---

• Follow-Ups:
  • Re: Question about blocking IP's
    • From: Moe Trin
  • Re: Question about blocking IP's
    • From: yas_chan

• References:
  • Question about blocking IP's
    • From: nestor_kun
  • Re: Question about blocking IP's
    • From: Robert Harris

• Prev by Date: Re: Routing problem
• Next by Date: Re: Question about blocking IP's
• Previous by thread: Re: Question about blocking IP's
• Next by thread: Re: Question about blocking IP's
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Newsgroups  > comp.os.linux.networking  > 2005-12