Blocking an IP addrress

From: Nicholas Marouf (marouni@earlham.edu)
Date: 03/18/01

• Next message: Eric Anderson: "Re: Timecounter "TSC" frequency"
• Previous message: Rob Simmons: "Re: Timecounter "TSC" frequency"
• Next in thread: Brett Glass: "Re: Blocking an IP addrress"
• Reply: Brett Glass: "Re: Blocking an IP addrress"
• Reply: Alexandr Kovalenko: "Re: Blocking an IP addrress"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 18 Mar 2001 16:41:28 -0500
From: Nicholas Marouf <marouni@earlham.edu>
To: "security FreeBSD.ORG" <security@FreeBSD.ORG>

Greetings,
    We've been getting many sendmail connections from 199.45.164.216 and
is causing sendmail to stop. This looks like a DOS however the admin of
that server says that sendmail on their side is sending mail out in
bacthes, and that they are taking a look into it.

But either way we would like to block it.

I've added deny all in hosts.allow for that ip
Also added in the access file REJECT for that ip address.

Those two still do not make a difference since connections keep on
opening up.

I've been trying to get ipfw to block it. but I get this error message.
Any advice would be much appreciated.

su-2.04# ps ax | grep sendmail
16180 ?? Ss 0:00.02 sendmail: accepting connections (sendmail)
16250 ?? S 0:00.03 sendmail: startup with 199.45.164.216
(sendmail)
16337 ?? I 0:00.00 sendmail: startup with 199.45.164.216
(sendmail)
16344 p2 R+ 0:00.00 grep sendmail

Thanks again..

Nick

--
Nicholas Marouf || Student System Administrator
http://www.ramallahonline.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Eric Anderson: "Re: Timecounter "TSC" frequency"
• Previous message: Rob Simmons: "Re: Timecounter "TSC" frequency"
• Next in thread: Brett Glass: "Re: Blocking an IP addrress"
• Reply: Brett Glass: "Re: Blocking an IP addrress"
• Reply: Alexandr Kovalenko: "Re: Blocking an IP addrress"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: How to stop spammers bringing our server down? ... Particularly since upgrading the line from 512k to 8192k, the server ... exhaust the preconfigured sendmail connection limit, ... stop the attacker exhausting the max # of sendmail connections. ... attacker has moved to something else... ... (uk.telecom.broadband) Re: SMTP timeout issue ... It appears to be that the SMTP ... sendmail and 2 of the values are for three minutes, ... time before the above error message appears. ... Anyway, I suspected that Earthlink, which I was using for my smtp server, ... (comp.lang.tcl) Re: How to stop spammers bringing our server down? ... Particularly since upgrading the line from 512k to 8192k, the server ... exhaust the preconfigured sendmail connection limit, ... stop the attacker exhausting the max # of sendmail connections. ... blocking, so reaching the sendmail limit blocks the whole machine? ... (uk.telecom.broadband) Re: Blocking an IP addrress ... >is causing sendmail to stop. ... but I get this error message. ... (FreeBSD-Security) Re: Sendmail Messages ... the messages and syslog files constantly post   ... entries complaining about the lack of sendmail connections. ... (comp.unix.sco.misc)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2001-03