Hi! Dunna if this is thr right list, but i need help blocking IP's from access to my network. I get a few "tries" similar to: 213.66.14.220 - - [02/Nov/2002:16:46:13 +0100] "GET /scripts/root.exe? /c+dir HTTP/1.0" 404 270 213.66.14.220 - - [02/Nov/2002:16:46:16 +0100] "GET /MSADC/root.exe? /c+dir HTTP/1.0" 404 268 213.66.14.220 - - [02/Nov/2002:16:46:19 +0100] "GET /c/winnt/system32 /cmd.exe?/c+dir HTTP/1.0" 404 278 213.66.14.220 - - [02/Nov/2002:16:46:23 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 278 And so forth... Is there a way to block them automagically, or do i have to do it "by hand"? Also: I nmap my gateway: server:~ # nmap -sT 213.66.182.24 Starting nmap V. 2.53 by fyodor@insecure.org ( www.insecure.org/nmap/ ) Interesting ports on qux.foo.bar (xxx.yyy.zzz.qqq): (The 1515 ports scanned but not shown below are in state: closed) Port State Service 21/tcp open ftp 22/tcp open ssh 80/tcp open http 111/tcp open sunrpc 139/tcp open netbios-ssn 631/tcp open unknown 1009/tcp open unknown 1025/tcp open listen Nmap run completed -- 1 IP address (1 host up) scanned in 1 second I run iptables and try to block 111,139,631,1009 and 1025 iptables -A INPUT -p tcp --destination-port 111 -i eth0 -j DROP but it is still open if i check again. Why? -- /Rikard ------------------------------------------------------------------------------------ Rikard Johnels email : rjhn@linux.nu Web : http://www.rikjoh.com Mob : +46 70 464 99 39 ------------------------ Public PGP fingerprint ---------------------------- < 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >