How can I block IP address range with sshd_config
Rick Stevens
rstevens at vitalstream.com
Tue Jul 27 21:48:58 UTC 2004
James Marcinek wrote:
> I recently had the same issue. Could you give an example of a reject rule?
> This is the IP address that was used: 210.99.38.200. They tried to use the same
> non-existent account. Is there some exploit out there or are they just trying to
> get into a system that is not secured well? They have their FTP daemon running:
>
> ISA Server: extended error message : 220 WOWLiNUX Paran R2 Server ready. 530
> Sorry, maxium users 10 -- try again later
>
> James

Did you also contact the people who own that IP (a public school in
Korea...surprise, surprise!) and tell them that what they're doing is
bloody illegal? You should, even though they'll most likely ignore you.

To block incoming connection attempts from that address in iptables:

    iptables -A INPUT -p tcp -s 210.99.38.200 --syn -j DROP

And if you want to also block UDP:

    iptables -A INPUT -p udp -s 210.99.38.200 -j DROP

You might want to block the whole /26 CIDR allocation:

    iptables -A INPUT -p tcp -s 210.99.38.192/26 --syn -j DROP
    iptables -A INPUT -p udp -s 210.99.38.192/26 -j DROP

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- Better to understand a little than to misunderstand a lot. -
----------------------------------------------------------------------
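
The rules above, derived from log data, as an added example that is not part of the original post: the script counts failed sshd logins for non-existent accounts per source address, computes the enclosing network for a prefix length, and prints (never applies) DROP rules in the form used in the post. The log lines, the threshold of 3 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints iptables rules for review, never applies them.

# cidr_network ADDR PREFIX -> enclosing network, e.g. 210.99.38.192/26
cidr_network() {
    addr=$1 prefix=$2
    case $prefix in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*) return 1 ;; esac   # leading zero would parse as octal
        [ "$o" -le 255 ] || return 1
    done
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    net=$(( $ip & (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    echo "$(( $net >> 24 & 255 )).$(( $net >> 16 & 255 )).$(( $net >> 8 & 255 )).$(( $net & 255 ))/$prefix"
}

# offenders MIN < auth log -> sources with >= MIN failed logins for unknown
# accounts. The account name is chosen by the client, so the address is read
# from the fixed tail of the line ("from ADDR port N ssh2").
offenders() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for (illegal|invalid) user / &&
        $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
        END { for (a in n) if (n[a] >= min) print a }' | sort
}

# block_rules ADDR PREFIX -> the TCP and UDP DROP rules for that network
block_rules() {
    net=$(cidr_network "$1" "$2") || return 1
    echo "iptables -A INPUT -p tcp -s $net --syn -j DROP"
    echo "iptables -A INPUT -p udp -s $net -j DROP"
}

# Constructed sample log (not from the thread); 192.0.2.17 is a documentation address.
sample_log() {
    cat <<'EOF'
Jul 27 14:02:11 host sshd[2211]: Failed password for illegal user test from 210.99.38.200 port 4711 ssh2
Jul 27 14:02:14 host sshd[2213]: Failed password for illegal user test from 210.99.38.200 port 4712 ssh2
Jul 27 14:02:17 host sshd[2215]: Failed password for illegal user test from 210.99.38.200 port 4713 ssh2
Jul 27 14:05:40 host sshd[2230]: Failed password for invalid user bob from 192.0.2.17 port 5001 ssh2
Jul 27 14:06:02 host sshd[2232]: Accepted password for alice from 192.0.2.17 port 5002 ssh2
EOF
}

sample_log | offenders 3 | while read -r ip; do block_rules "$ip" 32; done
block_rules 210.99.38.200 26   # the /26 named in the post
```
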