Re: deny access

From: John R. Morris (jrmorris_at_nerdality.com)
Date: 11/26/04

    Date: Thu, 25 Nov 2004 22:22:04 -0500
    To: Carlos Garcia <carlosg@cabonet.net.mx>
    
    

    Carlos Garcia wrote:

    > newbie question how can i block this ip 216.212.33.185 i have a cisco
    > 7200 this ip is trying to send mail with my server, i did not
    > configure the router so i dont know how to do this any help?
    >
    >
    > Atte.
    > Carlos A. Garcia G.
    > Cabonet Staff
    > Tel (624) 14 30120
    >

    From your question, I gather that:
    A> You have a 7200; so this is a business presumably and not home?
    B> You didn't configure it, and don't know much about Ciscos or IOS.

    If A&B are true, don't mess with the router. Whatever is problematic
    about this situation will not be made better by "fixing" the router.

    If A is wrong and it's your home router, by all means, feel free to play
    with it and learn, after assuring you have adequate reference material
    downloaded & saved locally, and the first thing to learn is how to copy
    the config off to a TFTP server.

    -Then-

    Check out Cisco ACLs:
    http://www.nwc.com/907/907ws1.html
    http://www.routergod.com/donking/

    Further googling on Cisco IOS & ACL will be of help.

    You could also add a static route to that ip using the route command,
    but that's not the right way to implement this, as traffic inbound from
    that ip will still arrive (responses will just get misrouted).
    Definitely implement enough ACL on your router to at least prevent
    spoofed IPs and other bogus address-space (you can add a deny for this
    host there if you wish).

    You may also want to consider host based firewalls (iptables, etc) for
    your mail server, it's pretty easy to block an IP on a given host.

    Finally, don't use your router as a firewall. While it's appropriate to
    use ACL for ingress/egress filtering of invalid addresses and such, and
    if you squint, lower port numbers or blocking access to an NFS server or
    such, if you find yourself doing a lot of this, you need a firewall in
    addition to a router. Firewalls are much more powerful and useful in
    doing this than your router, including stateful inspection and so forth.

    Thirdly, if your mail server is *allowing* someone to send mail that has
    no legitimate reason to be sending mail, you don't just need to block
    their IP, you need to fix your mail server to not be an open relay.
    Otherwise, if they are just hammering your bandwidth/server definitely
    block the IP at the router or host level, whichever is easier.

    If you just quickly want to stop someone from that IP sending mail
    through your server:
    Do this (OS really doesn't matter, the syntax might vary a bit) from a
    shell or command prompt on that server:
    Windows: route add 216.212.33.185 MASK 255.255.255.255 <your server IP here>
    *Windows is messed up that way, on most other OSes you can route to
    loopback... sigh.
    Unix/Linux: route add -host 216.212.33.185 127.0.0.1

    Then, after that, proceed to look into more useful forms of host
    firewalls, fixing your mailer's open relay if that is what's the root
    problem, etc. Feel free to post a more detailed account of what's wrong
    and folks on here will try to point you in the right direction. That
    null route will at least alleviate the immediate problem, if they are
    using TCP to talk to your mail server (25/TCP is pretty standard so I
    would think so), and allow you to proceed.

    Well, I'm headed back to the turkey and television now.

    Later.

    ~John
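
The router-side ACL the message recommends (anti-spoofing entries plus a deny for the one host) could look like the following on IOS. This is an added example, not part of the original post; the ACL number 101 and the interface name Serial1/0 are assumptions, and the bogus-source list is limited to private and loopback ranges.

```cisco
! Exec mode: copy the current config off to a TFTP server first
! (the command prompts for the server address and file name)
copy running-config tftp:
!
configure terminal
! Extended ACL 101 (number is an assumption; pick one not already in use)
access-list 101 remark block the host hitting the mail server
access-list 101 deny   ip host 216.212.33.185 any
access-list 101 remark drop packets claiming private or loopback sources
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
! Every ACL ends in an implicit deny, so pass all other traffic explicitly
access-list 101 permit ip any any
!
! Apply inbound on the Internet-facing interface (name is an assumption)
interface Serial1/0
 ip access-group 101 in
end
!
! Verify: the per-entry match counters show whether the deny is being hit
show access-lists 101
```

Unlike the null route, this drops the inbound packets at the edge instead of only breaking the return path. If the upstream link itself uses private addressing, adjust the anti-spoofing entries before applying.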

