Re: Blocking incoming IP address immediately

From: Tim Haynes (usenet-20041129_at_stirfried.vegetable.org.uk)
Date: 11/29/04

• Next message: Chris Cox: "Re: My Linux server got hacked last night -- please help!"
• Previous message: sarah chang: "My Linux server got hacked last night -- please help!"
• In reply to: Jeff Franks: "Re: Blocking incoming IP address immediately"
• Next in thread: Jeff Franks: "Re: Blocking incoming IP address immediately"
• Reply: Jeff Franks: "Re: Blocking incoming IP address immediately"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 29 Nov 2004 19:41:42 +0000

"Jeff Franks" <jfranks1970@charter.net> writes:

[snip]
> The way I have tested this is to start the firewall and get another
> person to help me by either joining the game or Roger Wilco. Then I try
> the commands. If it were to take effect immediately, I'd expect it to
> bump him off of whatever connection he has. It doesn't.

What command exactly are you typing?

Are you using --syn at all? (Don't, as you want to be rejecting all packets
from them.)

You would only expect it to disconnect if it sent a REJECT back to the
source that prompted a complete disconnection. Such a reject should really
be `--reject-with tcp-reset', too.

> Even if I restart the iptables service, it continues to let him stay in.
> Once I restart the entire computer (which kills all connections) it will
> block them.

How about if you
  nohup /etc/init.d/network restart
? Actually, doing an ifconfig eth0 down ; ifconfig eth0 up might fix it
(but not from a remote shell lest you want to lose access altogether ;)

[snip]

~Tim

-- 
Tell me where oh where has summer gone      |piglet@stirfried.vegetable.org.uk
It hasn't come this year                    |http://spodzone.org.uk/cesspit
You always cry when swallows fly            |
With doubts in search of dreams             |

---

• Next message: Chris Cox: "Re: My Linux server got hacked last night -- please help!"
• Previous message: sarah chang: "My Linux server got hacked last night -- please help!"
• In reply to: Jeff Franks: "Re: Blocking incoming IP address immediately"
• Next in thread: Jeff Franks: "Re: Blocking incoming IP address immediately"
• Reply: Jeff Franks: "Re: Blocking incoming IP address immediately"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: PPPoE ... > disconnect. ... ppp tries to reestablish the connection ... > but even after that the connection is not restored as ... [snip 125 K of ppp.log!] ... (freebsd-net) Re: LanManFS & Win XP ... Michael Hambley wrote: ... Connection using host name: ... I use Omniclient instead of Lanman but you have to enable clear text passwords otherwise PC will reject the ROS machine. ... (comp.sys.acorn.networking) Re: Atheists ... We have typical backbone connection. ... as a LAN (local area network) within a vast WAN ... [snip other technical details] ... (alt.usage.english) Re: Great SWT Program ... that amounts to my saying "the GUI paradigm sucks"? ... wise, than with things like vi, although it may have things in common ... if "dial-up speed connection" is broadened ... (comp.lang.java.programmer) Re: Techy Q?s... ... >& it really shouldn't matter what the actual Internet Connection is? ... >Can I install PCguard on all the computers in my home network? ... >The way I deal with spam may not suit everybody. ... (uk.people.silversurfers)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.os.linux.security  > 2004-11