Mailinglist Archive: opensuse (4343 mails)

iptables
  • From: Rikard Johnels <rjhn@xxxxxxxx>
  • Date: Sat, 2 Nov 2002 17:05:11 +0100
  • Message-id: <200211021705.11275.rjhn@xxxxxxxx>
Hi!
Dunno if this is the right list, but I need help blocking IPs from access to
my network.
I get a few "tries" similar to:
213.66.14.220 - - [02/Nov/2002:16:46:13 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 270
213.66.14.220 - - [02/Nov/2002:16:46:16 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 268
213.66.14.220 - - [02/Nov/2002:16:46:19 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 278
213.66.14.220 - - [02/Nov/2002:16:46:23 +0100] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 278

And so forth...
Is there a way to block them automagically, or do I have to do it "by hand"?

Also: I nmap my gateway:
server:~ # nmap -sT 213.66.182.24

Starting nmap V. 2.53 by fyodor@xxxxxxxxxxxx ( www.insecure.org/nmap/ )
Interesting ports on qux.foo.bar (xxx.yyy.zzz.qqq):
(The 1515 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
80/tcp open http
111/tcp open sunrpc
139/tcp open netbios-ssn
631/tcp open unknown
1009/tcp open unknown
1025/tcp open listen

Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

I run iptables and try to block 111, 139, 631, 1009 and 1025:
iptables -A INPUT -p tcp --destination-port 111 -i eth0 -j DROP
but it is still open if I check again. Why?


--

/Rikard

------------------------------------------------------------------------------------
Rikard Johnels email : rjhn@xxxxxxxx
Web : http://www.rikjoh.com
Mob : +46 70 464 99 39

------------------------ Public PGP fingerprint ----------------------------
< 15 28 DF 78 67 98 B2 16 1F D3 FD C5 59 D4 B6 78 46 1C EE 56 >
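
One way to automate the blocking asked about above, as an added example that is not part of the original message: a shell script that scans Apache access-log lines for the root.exe/cmd.exe probes quoted in the post and prints one iptables DROP rule per source address. The function names and the sample log (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads Apache common-log lines on
# stdin and prints one iptables DROP rule per source address that requested
# root.exe or cmd.exe, the probe pattern shown in the message.

# probe_sources: print each unique client IP whose request asks for
# root.exe or cmd.exe (matched case-insensitively).
probe_sources() {
    awk '
        {
            ip = $1
            # Accept only a dotted-quad IPv4 address in field 1, so text from
            # the log can never end up inside a generated firewall command.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            line = tolower($0)
            if (line ~ /"(get|head|post) [^"]*\/(root|cmd)\.exe/ && !(ip in seen)) {
                seen[ip] = 1
                print ip
            }
        }'
}

# block_rules: turn those addresses into iptables commands. The rules are only
# printed, so they can be reviewed before being run as root. -I puts each rule
# at the top of INPUT, ahead of any existing ACCEPT rules.
block_rules() {
    probe_sources | while read -r ip; do
        printf 'iptables -I INPUT -s %s -j DROP\n' "$ip"
    done
}

# Constructed sample input (addresses from documentation ranges).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [02/Nov/2002:16:46:13 +0100] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 270
192.0.2.10 - - [02/Nov/2002:16:46:19 +0100] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 278
198.51.100.7 - - [02/Nov/2002:16:47:02 +0100] "GET /index.html HTTP/1.0" 200 1024
203.0.113.5 - - [02/Nov/2002:16:48:40 +0100] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 268
EOF
}

sample_log | block_rules
```

To use it on a real log, replace the last line with the log file fed to `block_rules` on stdin and review the printed rules before applying them.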
