Thomas A. Lowery wrote:
When I mentioned this script to a friend at work, his response was to block everyone except IPs or domains where you expect connections to come from instead of being reactive.

Just recently I noticed on my SuSE 9.0 computer a similar problem with vsftpd attacks. I remember having read this thread so I searched for it to give me some ideas on how to respond. I mentioned my problem to an admin at work and he also thought the above approach was a good idea, especially since I only run that for a few family and friends.
With a little Googling and man page reading I figured out how to configure the hosts.allow and deny. In hosts.deny I have ALL : ALL and in hosts.allow I have something like ALL : somedomain.com. The problem is that the connecting client times out trying to connect. I remember reading somewhere that I had to put the host in hosts or the DNS lookup would time out, so I suppose that is what is happening.

If somedomain.com was a fixed address host, then putting it in hosts would be no problem. Since my family and friends all have dynamic addresses, this is a problem. We all use the free name from www.noip.com but I can't put those in hosts since the address is not fixed.

How can I get the tcp_wrappers stuff to work with DNS so I can use the dynamic addresses? So far, all the Googling I have done has led me to a few pages that give some basic info about setting up the hosts.allow and hosts.deny files, but I haven't found anything about this DNS problem.

Damon Register