Re: Blocking incoming IP address immediately

From: Jeff Franks (jfranks1970_at_charter.net)
Date: 11/29/04

Next message: Mark Rafn: "Re: My Linux server got hacked last night -- please help!"
Previous message: Bill Unruh: "Re: My Linux server got hacked last night -- please help!"
In reply to: Tim Haynes: "Re: Blocking incoming IP address immediately"
Next in thread: Trygve Selmer: "Re: Blocking incoming IP address immediately"
Reply: Trygve Selmer: "Re: Blocking incoming IP address immediately"
Reply: Bill Unruh: "Re: Blocking incoming IP address immediately"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 29 Nov 2004 14:56:06 -0600

> What command exactly are you typing?
>
Lots of different ones :) I'm trying everything from the simple to the
complicated (in my mind).

Basically "iptables -s 123.45.67.89 -i INPUT -j DROP" (or REJECT, i've done
both).

> Are you using --syn at all? (Don't, as you want to be rejecting all
> packets
> from them.)

I played with --syn and with the --state, but I really didn't know what I
was doing, so I gave up on those :)

> You would only expect it to disconnect if it sent a REJECT back to the
> source that prompted a complete disconnection. Such a reject should really
> be `--reject-with tcp-reset', too.

AH! now there is something IU haven't tried. I'll give that a shot.

>> Even if I restart the iptables service, it continues to let him stay in.
>> Once I restart the entire computer (which kills all connections) it will
>> block them.
>
> How about if you
> nohup /etc/init.d/network restart
> ? Actually, doing an ifconfig eth0 down ; ifconfig eth0 up might fix it
> (but not from a remote shell lest you want to lose access altogether ;)
>

Well, there is a problem with downing the entire interface. This is a game
server with 30+ users on it most all the time. I need to be able to block a
single user on the fly without effecting the "good guys".

Next message: Mark Rafn: "Re: My Linux server got hacked last night -- please help!"
Previous message: Bill Unruh: "Re: My Linux server got hacked last night -- please help!"
In reply to: Tim Haynes: "Re: Blocking incoming IP address immediately"
Next in thread: Trygve Selmer: "Re: Blocking incoming IP address immediately"
Reply: Trygve Selmer: "Re: Blocking incoming IP address immediately"
Reply: Bill Unruh: "Re: Blocking incoming IP address immediately"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: need a thread to keep a socket connection alive?
... bear in mind that you do not receive packets - you ... receive a stream of data, which may usually come in the same quantities ...
(comp.lang.python)
Re: [Fedora] Re: iptables: drop or reject?
... to invalid user names on my network. ... Ever since I started dropping ... What used to be just a few packets every minute has now ... Mind you, the same thing is happening with a lot of other networks ...
(Fedora)
Using netgraph for filtering/modifing packets
... For testing of a product I would like to be able to modify or even drop ... packets based on their content. ... What I have in mind is forcing the ... is this something doable with netgraph, ...
(freebsd-net)