Re: Root kits and host.deny



Frynge.com Support:

> 1: Does anyone know without a firewall how to block an IP through the
> hosts.deny or any other secure method?
>
> is it
> ALL: 211.174.53.89 : DENY

You can use the "KNOWN" wildcard.

A better way to block all services not explicitly defined is to make the last
entry in hosts.allow
ALL : ALL : DENY
removing the need for a hosts.deny.

> 3: Also, do you have anywhere you can send IPs like the above, to either
> report them, (I am going to report it to his ISP he is in Korea - but I am
> waiting to do things to him possibly)

Distributed Intrusion Detection System
DShield.org

> [root@oannes chkrootkit-0.46a]# ./chkrootkit -q
> Possible t0rn v8 \(or variation\) rootkit installed

Give rkhunter a gander.
http://www.rootkit.nl/

Krack
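
An added example, not part of the reply above: a simplified Python model of how tcpd walks hosts.allow top to bottom and stops at the first matching line, which is why a per-address DENY has to sit above the service rules and why a closing ALL : ALL : DENY makes hosts.deny unnecessary. It assumes TCP wrappers built with hosts_options support (needed for the ": DENY" form); the sshd and sendmail rules and the 192.168.1. prefix are constructed for illustration, and only 211.174.53.89 comes from the thread.

```python
# Simplified model of tcpd's first-match evaluation of hosts.allow
# (hosts_options syntax). Handles only ALL, exact IPs and "a.b.c."
# prefixes; use tcpdmatch(8) to test a real configuration.

# Constructed sample file; only 211.174.53.89 comes from the thread.
HOSTS_ALLOW = """\
# specific blocks go first: the first matching line wins
ALL : 211.174.53.89 : DENY
sshd : 192.168.1. : ALLOW
sendmail : ALL : ALLOW
# default deny, so no hosts.deny is needed
ALL : ALL : DENY
"""

def parse(text):
    """Turn hosts.allow text into (daemons, clients, action) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(":")]
        daemons = parts[0].replace(",", " ").split()
        clients = parts[1].replace(",", " ").split()
        # In hosts.allow a line with no option grants access.
        action = parts[2].upper() if len(parts) > 2 else "ALLOW"
        rules.append((daemons, clients, action))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # address prefix, e.g. "192.168.1."
        return ip.startswith(pattern)
    return pattern == ip

def decide(rules, daemon, ip):
    """Return the action of the first rule matching (daemon, ip)."""
    for daemons, clients, action in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(c, ip) for c in clients):
            return action
    return "ALLOW"  # nothing matched and there is no hosts.deny: granted

RULES = parse(HOSTS_ALLOW)

if __name__ == "__main__":
    for daemon, ip in [("sshd", "211.174.53.89"), ("sendmail", "211.174.53.89"),
                       ("sshd", "192.168.1.20"), ("sshd", "203.0.113.5")]:
        print(f"{daemon:9} {ip:15} -> {decide(RULES, daemon, ip)}")
```

If the 211.174.53.89 line is moved below "sendmail : ALL : ALLOW", mail connections from that address are granted again, because the broader rule matches first.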