Re: route add to block IP's

From: Ryan Yagatich (ryany@pantek.com)
Date: 09/18/02


Date: Tue, 17 Sep 2002 20:05:52 -0400 (EDT)
From: Ryan Yagatich <ryany@pantek.com>
To: Joseph Monti <monti@student.umass.edu>

Joe,
        Adding routes to different networks to block addresses is probably
not the best method to go with; however, you may be interested in using
ipchains/iptables, depending on your kernel version.

kernel 2.4.x - iptables
iptables -A INPUT -s <offending IP> -j DROP

kernel 2.2.x - ipchains
ipchains -A input -s <offending IP> -j DENY

For iptables, you can do some logging and such so you know when they
are attempting to connect:

iptables -N kiddies
iptables -A kiddies -j LOG --log-prefix "Script Kiddie Log: " -m limit \
        --limit 1/m
iptables -A kiddies -j DROP

iptables -A INPUT -s <offending ip> -j kiddies

<offending ip> in each example can represent just the IP address itself as
well as a netblock via CIDR notation. A quick example for CIDR looks
like this:

IP            NETMASK          CIDR
192.168.2.0   255.255.255.0    192.168.2.0/24
10.0.0.0      255.0.0.0        10.0.0.0/8
172.16.0.0    255.255.0.0      172.16.0.0/16

CIDR basically is just the number of bits in the network mask.

Here is a brief explanation of the iptables rules represented by
'kiddies'...

iptables -N kiddies                     # create a new empty chain called
                                        # kiddies to handle anything that
                                        # points to it

iptables -A kiddies -j LOG --log-prefix \
        "Script Kiddie Log: "           # this part logs a bit of
                                        # information about the
                                        # packet

        -m limit --limit 1/m            # this sets log limits to
                                        # 1 per minute (a nice
                                        # feature to prevent
                                        # flooding)

iptables -A INPUT -s <offending ip> -j kiddies
                                        # this tells the <offending ip>
                                        # source (-s) to go to the
                                        # chain kiddies

More information is available via the following links:

ipchains
        http://www.netfilter.org/ipchains/

iptables
        http://www.netfilter.org
        http://www.linuxguruz.org/iptables/howto/iptables-HOWTO.html

I hope this helps at least a little, and if not I apologize.

Thanks,
Ryan Yagatich <support@pantek.com>
        Pantek, Incorporated
 (877) LINUX-FIX - (440) 519-1802
===================================
B5 50 A7 EE 0E D1 1E 15 CA B0 60 E2
B3 0A 95 4E 23 CA 7D AC 5F C6 63 9C
===================================
     A bachelor is a selfish,
  undeserving guy who has cheated
some woman out of a divorce. -- Don
              Quinn

On Fri, 13 Sep 2002, Joseph Monti wrote:

>I've been an unfortunate target of various script-kiddies/worms and have
>configured apache to perform something like this on all incoming requests
>containing bad URI's:
>
>route -n add <evil IP> gw <bogus local host>
>
>The only concern I have is will this cause performance problems? I've got
>about 10 so far and I just put it up about 24hrs ago.
>
>Thanks,
>Joe Monti
>
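The IP/NETMASK/CIDR table and the `-s <offending ip> -j kiddies` rule from Ryan's reply above, as an added example that is not part of the thread: a small POSIX sh script that converts a dotted netmask to a CIDR prefix (rejecting malformed or non-contiguous masks, which have no prefix length) and prints the resulting INPUT rule. The names mask2cidr and block_rule are mine, and the script only prints the iptables commands rather than running them, so it needs no root.

```shell
#!/bin/sh
# Added example (not from Ryan's message): turn the IP/NETMASK table into
# CIDR and emit the matching INPUT rule for the 'kiddies' chain. The
# functions only print iptables commands; nothing here touches the firewall.

# mask2cidr <dotted netmask>: print the prefix length; fail on a malformed
# or non-contiguous mask (e.g. 255.0.255.0), which has no CIDR equivalent.
mask2cidr() {
    case $1 in
        *.*.*.*.*|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # wrong shape
        *.*.*.*) ;;                                   # exactly four octets
        *) return 1 ;;
    esac
    rest=$1; bits=0; seen_zero=0
    for k in 1 2 3 4; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "$octet" -le 255 ] || return 1
        n=$octet; i=0
        while [ $i -lt 8 ]; do                  # walk the octet MSB first
            if [ $((n & 128)) -ne 0 ]; then
                [ $seen_zero -eq 0 ] || return 1   # a 1 after a 0: not a mask
                bits=$((bits + 1))
            else
                seen_zero=1
            fi
            n=$(( (n << 1) & 255 )); i=$((i + 1))
        done
    done
    echo "$bits"
}

# block_rule <ip> [netmask]: print the rule that sends traffic from the
# host or netblock to the 'kiddies' chain named in the reply.
block_rule() {
    if [ -n "$2" ]; then
        prefix=$(mask2cidr "$2") || return 1
        echo "iptables -A INPUT -s $1/$prefix -j kiddies"
    else
        echo "iptables -A INPUT -s $1 -j kiddies"
    fi
}

# Rules for the three netblocks in the table, plus one single host
# (203.0.113.7 is a constructed documentation address, not a real offender).
block_rule 192.168.2.0 255.255.255.0
block_rule 10.0.0.0    255.0.0.0
block_rule 172.16.0.0  255.255.0.0
block_rule 203.0.113.7
```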


