Hi, I came across this thread while re-organizing my inbox. But, to block access from some certain IP address ranges, I would suggest you use "blocking route" with "route" command. Man page has a good explanation how it works with an example: route add -net 10.0.0.0 netmask 255.0.0.0 reject With this way, you can block access at Layer 3(IP) level without coming through TCP/IP then reaching xinetd. Just my idea. By the way, I haven't tested this command though. Toshi On Wed, 2006-06-14 at 18:38 -0500, David Rankin wrote:
Mates,
I am trying to configure hosts.deny to deny all access to APNIC IP's. I am also looking for any additional ideas that you have found that work to deny other notorious scrip kiddie addresses as well. So if you have a good hosts.deny file you wouldn't mind posting or sharing, I would welcome the help. The apnic ranges I have found so far come from: http://www.apnic.net/db/ranges.html The hosts.deny file I have put together from that looks like the following. What is everybody else doing to cut down on the annoying sshd/ftp etc.. attempts?
# /etc/hosts.deny # See 'man tcpd' and 'man 5 hosts_access' as well as /etc/hosts.allow # for a detailed description.
# Excluded APNIC Ranges ALL : 210. ALL : 211. ALL : 58. ALL : 60. ALL : 121. ALL : 122. ALL : 126. ALL : 169.208. ALL : 196.192. ALL : 202. ALL : 203. ALL : 210. ALL : 218. ALL : 220. ALL : 222.
-- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 www.rankinlawfirm.com
-- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.8.4/363 - Release Date: 6/13/06