Re: Blocking incoming IP address immediately
From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 11/30/04
- Next message: Bill Unruh: "Re: My Linux server got hacked last night -- please help!"
- Previous message: pawn: "PAM help needed (need su access over ssh connection)"
- In reply to: Jeff Franks: "Re: Blocking incoming IP address immediately"
- Next in thread: Tim Haynes: "Re: Blocking incoming IP address immediately"
- Reply: Tim Haynes: "Re: Blocking incoming IP address immediately"
Date: 30 Nov 2004 01:56:00 GMT
"Jeff Franks" <jfranks1970@charter.net> writes:
]> What command exactly are you typing?
]>
]Lots of different ones :) I'm trying everything from the simple to the
]complicated (in my mind).
]Basically "iptables -s 123.45.67.89 -i INPUT -j DROP" (or REJECT, I've done
]both).
]> Are you using --syn at all? (Don't, as you want to be rejecting all
]> packets
]> from them.)
]I played with --syn and with the --state, but I really didn't know what I
]was doing, so I gave up on those :)
]> You would only expect it to disconnect if it sent a REJECT back to the
]> source that prompted a complete disconnection. Such a reject should really
]> be `--reject-with tcp-reset', too.
]AH! Now there is something I haven't tried. I'll give that a shot.
]>> Even if I restart the iptables service, it continues to let him stay in.
]>> Once I restart the entire computer (which kills all connections) it will
]>> block them.
]>
]> How about if you
]> nohup /etc/init.d/network restart
]> ? Actually, doing an ifconfig eth0 down ; ifconfig eth0 up might fix it
]> (but not from a remote shell lest you want to lose access altogether ;)
]>
]Well, there is a problem with downing the entire interface. This is a game
]server with 30+ users on it most all the time. I need to be able to block a
]single user on the fly without affecting the "good guys".
It is an iptables issue. iptables could be brought down and up, rather than
the interface (which would not do much).
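
An added example, not part of the original message or thread: a shell helper that blocks a single source address without restarting the interface or the firewall service, using the `--reject-with tcp-reset` target suggested above. The function names and the `APPLY` variable are hypothetical, 192.0.2.10 is a documentation address, and the rules are only printed unless `APPLY=1` is set by root.

```shell
#!/bin/sh
# Added example: block one source address while leaving other users alone.

# Accept only a dotted-quad IPv4 address with each octet in 0..255, so that
# nothing else can reach the iptables command line.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for one address. -I INPUT 1 inserts at the top of the chain:
# iptables stops at the first matching rule, so these are evaluated before any
# ACCEPT rule already in INPUT. After both inserts the TCP rule sits first
# (TCP packets from the address are answered with a reset) and the DROP rule
# second (everything else from the address is discarded silently).
block_rules() {
    ip=$1
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    echo "iptables -I INPUT 1 -s $ip -j DROP"
    echo "iptables -I INPUT 1 -p tcp -s $ip -j REJECT --reject-with tcp-reset"
}

# Dry run by default; APPLY=1 (hypothetical switch) executes the rules.
block_ip() {
    rules=$(block_rules "$1") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | while read -r cmd; do $cmd || exit 1; done
    else
        echo "$rules"
    fi
}

# Usage: sh block.sh 192.0.2.10   (192.0.2.10 is a constructed sample address)
if [ "$#" -gt 0 ]; then block_ip "$1"; fi
```

`iptables -L INPUT -n --line-numbers` shows where the two rules landed relative to the existing ones.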