You can use a REJECT instead of DENY for the ipchains rule and your machine will not appear to even be online. If you use the deny rule, they can still tell what ports you have open, but cannot connect to them.

On Thu, 6 Sep 2001, maf king wrote:
On 2001.09.06 17:06:59 +0100 Radu Anghel wrote:
Hi,
Got an IP which is scanning during the night (an internet cafe sez pcnet). How can I block all the ports for this IP?
Many thanks,
Radu
1. What kernel version are you using? It makes a difference for the command to use.
2. Make sure you have ipchains (2.2.x) or iptables (2.4.x) installed.
Issue a command (as root) along the lines of:
    iptables -I INPUT 1 -s addr.of.bad.ip -j DROP
(for 2.4.x)
See man iptables for an explanation of this.
If you are on a 2.2.x kernel, use
    ipchains -I input 1 -s bad.ip.add.ress -j DENY
NOTE: this doesn't stop them scanning, it just stops you from replying!
HTH Maf
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maf. King
Standby Exhibition Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It is easier to do a job right than to explain why you didn't."
- Martin Van Buren
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
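
The steps in the thread above (check the kernel series, then insert a rule for the offending source address) as an added shell sketch; it is not code from any of the posters. The function names are hypothetical, 192.0.2.10 is a documentation address standing in for the scanner, and treating every kernel from 2.4 onward as an iptables system is an assumption that goes beyond the 2.2.x/2.4.x cases named in the thread.

```shell
#!/bin/sh
# Added example: build the blocking rule for the running kernel series
# without executing it, so it can be reviewed before being run as root.

# valid_ipv4 ADDR: succeed only for a literal dotted quad with octets 0-255.
# The -s option also accepts host names, and the value usually comes from a
# log file, so anything that is not a plain address is refused.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_rule KERNEL_RELEASE ADDR: print the rule that discards traffic from ADDR.
# DENY (ipchains) and DROP (iptables) discard the packet silently; REJECT
# answers the sender with an ICMP error instead.
block_rule() {
    valid_ipv4 "$2" || { echo "not an IPv4 address: $2" >&2; return 1; }
    case "$1" in
        # ipchains names its built-in chains in lowercase.
        2.2.*) echo "ipchains -I input 1 -s $2 -j DENY" ;;
        # Assumption: 2.4 and every later series ships iptables.
        2.[4-9].*|[3-9].*|[1-9][0-9].*) echo "iptables -I INPUT 1 -s $2 -j DROP" ;;
        *) echo "unsupported kernel release: $1" >&2; return 2 ;;
    esac
}

# Constructed sample values; pass "$(uname -r)" to use the running kernel.
rule=$(block_rule 2.4.10 192.0.2.10) && echo "would run as root: $rule"
```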