Re: Root kits and host.deny
- From: Edward Krack <eddie_krack@xxxxxxxxx>
- Date: Thu, 8 Dec 2005 20:09:26 -0800
> 1: Does anyone know without a firewall how to block an ip through the
> hosts.deny or any other secure method?
> is it
> ALL: 220.127.116.11 : DENY
You can use the "KNOWN" wildcard.
A better way to block all services not explicitly defined is to make the last
entry in hosts.allow
ALL : ALL : DENY
removing the need for a hosts.deny.
> 3: Also, do you have anywhere you can send ips like the above, to either
> report them, (i am going to report it to his isp he is in korea - but I am
> waiting to do things to him possibly)
Distributed Intrusion Detection System
> [root@oannes chkrootkit-0.46a]# ./chkrootkit -q
> Possible t0rn v8 \(or variation\) rootkit installed
Give rkhunter a gander.