Re: Looking for tool to scan / block IPs

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 10/30/05

  • Next message: Peter Billam: "Re: Shred option in the current Mandriva Linux OS a fake?"
    Date: Sun, 30 Oct 2005 12:32:17 -0600
    
    

    In the Usenet newsgroup comp.os.linux.security, in article
    <1130647115.879298.247520@g14g2000cwa.googlegroups.com>, valdasr@gmail.com
    wrote:

    >>> I think portsentry will do what you are looking for

    >> I've been using portsentry for years

    >Basically it does that by default installation, at least I don't do
    >anything special in config file,

    I've always been concerned about self-denial-of-service tools like
    portsentry. Look at the man page for nmap - specifically the -D option,
    and contemplate what portsentry will do when someone uses the IP addresses
    of your name servers as arguments to 'nmap -D'.

    >After a couple of days I already have this in my host.deny file
    >
    >ALL: 218.47.59.72
    >ALL: 82.235.92.123
    >ALL: 211.212.183.116
    >ALL: 207.67.25.104
    >ALL: 203.239.60.72

    Kindly read the man page for hosts_access(5) - the section on "ACCESS
    CONTROL FILES":

           The access control software consults two files. The search
           stops at the first match:

           o Access will be granted when a (daemon,client) pair
                  matches an entry in the /etc/hosts.allow file.

           o Otherwise, access will be denied when a (daemon,client)
                  pair matches an entry in the /etc/hosts.deny file.

           o Otherwise, access will be granted.

    so the only thing that goes in /etc/hosts.deny is

    ALL: ALL

    But also recall that /etc/hosts.deny is only consulted by those applications
    that are using tcp_wrappers, or are compiled with 'libwrap' support. As
    regards regular firewalls, they follow a similar logic, looking for a rule
    that matches, and stopping when one is found. A sane configuration is one
    that blocks all by default, and only explicitly permits those things that
    are needed/desired.

            Old guy
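
The evaluation order quoted from hosts_access(5) above, as an added example that is not part of the original post and is not libwrap's code: a simplified Python model (IPv4 only; it handles only ALL, exact-address, trailing-dot prefix and net/mask patterns) that contrasts a per-address hosts.deny with `ALL: ALL`. The two deny addresses come from the quoted post; the hosts.allow line and the 192.0.2.x, 198.51.100.x and 203.0.113.x clients are constructed.

```python
import ipaddress

# Quoted in the post (first two entries of the poster's hosts.deny).
BLOCKLIST_DENY = "ALL: 218.47.59.72\nALL: 82.235.92.123\n"
DEFAULT_DENY = "ALL: ALL\n"      # the only entry the reply recommends
ALLOW = "sshd: 192.0.2.\n"       # constructed hosts.allow entry

def parse_rules(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":")[:2]   # any ': shell_command' is ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # "192.0.2." matches on the leading octets
        return ip.startswith(pattern)
    if "/" in pattern:               # net/mask, e.g. 198.51.100.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
    return pattern == ip

def any_rule_matches(rules, daemon, ip):
    return any(any(d in ("ALL", daemon) for d in daemons)
               and any(client_matches(c, ip) for c in clients)
               for daemons, clients in rules)

def access(allow_text, deny_text, daemon, ip):
    """Apply the three steps from hosts_access(5) in order."""
    if any_rule_matches(parse_rules(allow_text), daemon, ip):
        return "granted (hosts.allow)"
    if any_rule_matches(parse_rules(deny_text), daemon, ip):
        return "denied (hosts.deny)"
    return "granted (no match)"

if __name__ == "__main__":
    for label, allow, deny in (("per-address deny", "", BLOCKLIST_DENY),
                               ("ALL: ALL deny", ALLOW, DEFAULT_DENY)):
        for ip in ("218.47.59.72", "203.0.113.9", "192.0.2.44"):
            print(f"{label:17} {ip:14} {access(allow, deny, 'sshd', ip)}")
```

With the per-address file, any client not yet listed falls through to the third step and is granted; with `ALL: ALL`, only clients matched in hosts.allow get in.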

