Excellent Vorlin! I hope you don't mind if I kind of re-hash/repeat what you have already said in my two posts here. I kinda posted them before I realized that you had pretty much answered the question and then I came back to edit them.


Hi jason-mis, just a little feedback on your /etc/hosts.deny and the error messages we saw in secure log.

[root@nothing /root]# cat /etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
all    <---- This is what secure log is complaining about on line 9 "missing : "

hosts.deny should be in this format if you want to block all:

ALL: ALL EXCEPT 127.0.0.1
Vorlin's caveat applies here.
TCP Wrappers (as mentioned by Vorlin) can drop individual IPs into /etc/hosts.deny. Check out portsentry; it can make use of TCP Wrappers for all offending hosts if you choose. Below is an example of blocking individual IP addresses.

ALL: 24.116.131.36
ALL: 65.242.102.24

etc...
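
The format check described in the post above, as an added example that is not part of the original thread: a small shell function that reports any rule in a hosts.deny or hosts.allow file lacking the "daemon_list : client_list" shape, with its line number. The function name check_hosts_access and the sample file are made up for illustration, and it assumes one rule per line (no backslash continuations).

```shell
#!/bin/sh
# check_hosts_access FILE  (hypothetical helper, not part of TCP Wrappers)
# Prints one message per malformed rule and returns non-zero if any is found.
# Assumption: one rule per line; backslash continuations are not joined.
check_hosts_access() {
    awk '
        /^#/ || /^[ \t]*$/ { next }            # comments and blank lines
        {
            sep = index($0, ":")               # first colon splits the rule
            if (sep == 0) {
                printf "line %d: missing \":\" in \"%s\"\n", NR, $0
                bad = 1
                next
            }
            daemons = substr($0, 1, sep - 1)
            clients = substr($0, sep + 1)
            gsub(/[ \t]/, "", daemons)
            gsub(/[ \t]/, "", clients)
            if (daemons == "") { printf "line %d: empty daemon list\n", NR; bad = 1 }
            if (clients == "") { printf "line %d: empty client list\n", NR; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: eight comment lines followed by a bare "all",
# mirroring the layout of the file shown in the post, then a valid rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#
# hosts.deny (constructed sample)
#
#
#
#
#
#
all
ALL: ALL EXCEPT 127.0.0.1
EOF

check_hosts_access "$sample" || echo "fix the lines above before relying on this file"
rm -f "$sample"
```

A rule flagged here is not doing any blocking, so a clean run is worth confirming after every manual edit or after a tool such as portsentry has appended entries.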