Blocking an IP addrress

From: Nicholas Marouf (marouni@earlham.edu)
Date: 03/18/01


Date: Sun, 18 Mar 2001 16:41:28 -0500
From: Nicholas Marouf <marouni@earlham.edu>
To: "security FreeBSD.ORG" <security@FreeBSD.ORG>

Greetings,
    We've been getting many sendmail connections from 199.45.164.216 and
is causing sendmail to stop. This looks like a DOS however the admin of
that server says that sendmail on their side is sending mail out in
bacthes, and that they are taking a look into it.

But either way we would like to block it.

I've added deny all in hosts.allow for that ip
Also added in the access file REJECT for that ip address.

Those two still do not make a difference since connections keep on
opening up.

I've been trying to get ipfw to block it. but I get this error message.
Any advice would be much appreciated.

su-2.04# ps ax | grep sendmail
16180 ?? Ss 0:00.02 sendmail: accepting connections (sendmail)
16250 ?? S 0:00.03 sendmail: startup with 199.45.164.216
(sendmail)
16337 ?? I 0:00.00 sendmail: startup with 199.45.164.216
(sendmail)
16344 p2 R+ 0:00.00 grep sendmail

Thanks again..

Nick

--
Nicholas Marouf || Student System Administrator
http://www.ramallahonline.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message