Re: blocking I.P. addresses/ranges
From: Garrett Wollman (wollman@khavrinen.lcs.mit.edu)
Date: 07/19/01
- Next message: Matt Dillon: "Re: FreeBSD remote root exploit ?"
- Previous message: Ralph Huntington: "Re: Fw: Re: A question about FreeBSD security"
- In reply to: Walter Hop: "Re: blocking I.P. addresses/ranges"
- Next in thread: Rafał Banaszkiewicz: "Re: blocking I.P. addresses/ranges"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 19 Jul 2001 12:13:19 -0400 (EDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Walter Hop <walter@binity.com>
<<On Thu, 19 Jul 2001 14:53:35 +0200, Walter Hop <walter@binity.com> said:
> [in reply to default013subscriptions@hotmail.com, 19-07-2001]
>> I know there is a way to block I.P. addresses/I.P. ranges in Linux by using
>> something like 'route add 24.198.54.0 deny' etc... I assume that there must
>> be a similar way to do this in FreeBSD...
> In FreeBSD, you can do this for instance with the ``ipfw'' tool.
Or, without recourse to the packet-filtering code, using:
route add -net aa.bb.cc.dd -netmask (some mask) -interface lo0 -reject
However, there is an important caveat to doing this: adding such a
route does not prevent the other party from sending packets to you; it
only prevents your machine from responding. Thus, it does not help
against those attacks which do not require a response.
-GAWollman
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Matt Dillon: "Re: FreeBSD remote root exploit ?"
- Previous message: Ralph Huntington: "Re: Fw: Re: A question about FreeBSD security"
- In reply to: Walter Hop: "Re: blocking I.P. addresses/ranges"
- Next in thread: Rafał Banaszkiewicz: "Re: blocking I.P. addresses/ranges"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
