Gentoo Archives: gentoo-user

From: Michael Sullivan <michael@××××××××××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] OT - Some miscellanous questions about hack attacks and dealing with them
Date: Thu, 22 Feb 2007 18:55:39
Message-Id: 1172169999.11120.46.camel@camille.espersunited.com
In Reply to: Re: [gentoo-user] OT - Some miscellanous questions about hack attacks and dealing with them by Raymond Lewis Rebbeck
On Fri, 2007-02-23 at 03:49 +1030, Raymond Lewis Rebbeck wrote:
> On Friday, 23 February 2007 3:15, Michael Sullivan wrote:
> > I have logsentry installed on my system which sends me hourly reports
> > about possible hack attempts on my three boxes. I use ipkungfu for my
> > firewall. I've stuck with the default configuration for ipkungfu,
> > except for listing each of my machines in my LAN in the
> > accepted_hosts.conf file. I also set ipkungfu to drop all offensive
> > packets (not sure if that's the default or not.) Whenever I see someone
> > trying to break in in the logsentry reports, I add their IP to the
> > deny_hosts.conf file and restart ipkungfu so that the changes will take
> > effect. I'm wondering why if these offending IPs in deny_hosts.conf are
> > being stopped at the firewall I'm still seeing them fail to authenticate
> > to my FTP and ssh servers?
>
> If you think you've set up your firewall to block these IPs and yet they are
> still able to access your machines, then it sounds like your firewall is
> misconfigured and isn't blocking the IPs.
>
> > Also, I've always heard that you shouldn't
> > have any ports open on your machine unless you have some server bound to
> > that port because hackers can get in through unbound open ports. Is
> > this true?
>
> I've never heard of this. All ports that you don't want accessible from the
> internet should be completely blocked by your firewall if you have it
> correctly configured.
>
> > If so, how does it work? What do they connect to if
> > nothing's running on the port they're trying? I know the concept of a
> > backdoor in a running program, but if no program is running on said port
> > for them to connect to, how do they get in???
>
> They connect to nothing, they shouldn't be able to establish a connection.
>
> > -Michael Sullivan-
>
> --
> Raymond Lewis Rebbeck

This is my /etc/ipkungfu/ipkungfu.conf file on
catherine.espersunited.com . The comments have been removed for
conciseness:

EXT_NET="eth0"
LOCAL_NET="127.0.0.1"
ALLOWED_TCP_IN="21 22 25 80"
ALLOWED_UDP_IN=""
SUSPECT="DROP"
KNOWN_BAD="DROP"
PORT_SCAN="DROP"
GET_IP="AUTO"
DONT_DROP_IDENTD=1
WAIT_SECONDS=5

Is this not a correct configuration? Here is the output of ipkungfu -l:

catherine ipkungfu # ipkungfu -l
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
7098 2517K ACCEPT all -- any any anywhere
anywhere state RELATED,ESTABLISHED
0 0 LOG all -- lo any 0.0.0.1
anywhere LOG level warning prefix `IPKF IPKungFu (--init)'
5 302 ACCEPT all -- any any bullet.espersunited.com
anywhere
2 248 ACCEPT all -- any any camille.espersunited.com
anywhere
0 0 DROP all -- any any anywhere
anywhere recent: CHECK seconds: 120 name: badguy side:
source
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/sec
burst 5 LOG level warning prefix `IPKF flags ALL: '
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg
3/sec burst 5 LOG level warning prefix `IPKF flags NONE: '
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit:
avg 3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap XMAS):
'
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg
3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap FIN): '
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN/FIN,SYN limit: avg 3/sec burst 5
LOG level warning prefix `IPKF flags SYN,FIN: '
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:SYN,RST/SYN,RST limit: avg 3/sec burst 5
LOG level warning prefix `IPKF flags SYN,RST: '
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/sec burst
5 LOG level warning prefix `IPKF SYN,RST,ACK,FIN,URG: '
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg
3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap NULL): '
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN/FIN,SYN
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:SYN,RST/SYN,RST
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
1 92 ACCEPT icmp -- any any anywhere
anywhere icmp echo-request
10 400 LOG all -- any any anywhere
anywhere state INVALID limit: avg 3/sec burst 5 LOG level
warning prefix `IPKF Invalid TCP flag: '
10 400 DROP all -- any any anywhere
anywhere state INVALID
0 0 LOG all -f eth0 any anywhere
anywhere limit: avg 3/sec burst 5 LOG level warning prefix
`IPKF Fragmented Packet: '
0 0 DROP all -f eth0 any anywhere
anywhere
0 0 LOG icmp -- eth0 any anywhere
anywhere icmp timestamp-request limit: avg 3/sec burst 5 LOG
level warning prefix `IPKF ICMP Timestamp: '
0 0 DROP icmp -- eth0 any anywhere
anywhere icmp timestamp-request
4 192 syn-flood tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,ACK/SYN
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:!SYN,RST,ACK/SYN state NEW limit: avg
3/sec burst 5 LOG level warning prefix `IPKF New Not SYN: '
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
0 0 DROP tcp -- eth0 any anywhere
anywhere multiport dports netbios-ns,6666
1 404 DROP udp -- eth0 any anywhere
anywhere multiport dports ms-sql-m
2 96 ACCEPT tcp -- eth0 any anywhere
anywhere state NEW multiport dports ftp,ssh,smtp,http
37 3156 ACCEPT all -- lo any anywhere
anywhere state NEW
0 0 ACCEPT all -- lo any localhost.localdomain
anywhere state NEW
0 0 REJECT tcp -- any any anywhere
anywhere tcp dpt:auth reject-with tcp-reset
36 11218 LOG !icmp -- any any anywhere
anywhere limit: avg 3/sec burst 5 LOG level warning prefix
`IPKF INPUT Catch-all: '
36 11218 DROP all -- any any anywhere
anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- any any anywhere
anywhere state RELATED,ESTABLISHED
0 0 ACCEPT all -- eth0 any bullet.espersunited.com
anywhere
0 0 ACCEPT all -- eth0 any camille.espersunited.com
anywhere
0 0 DROP all -- eth0 any anywhere
anywhere recent: CHECK seconds: 120 name: badguy side:
source
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG limit: avg 3/sec
burst 5 LOG level warning prefix `IPKF flags ALL: '
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg
3/sec burst 5 LOG level warning prefix `IPKF flags NONE: '
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG limit:
avg 3/sec burst 5 LOG level warning prefix `IPKF flags FIN,URG,PSH: '
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN limit: avg
3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap XMAS): '
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN/FIN,SYN limit: avg 3/sec burst 5
LOG level warning prefix `IPKF flags SYN,FIN: '
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:SYN,RST/SYN,RST limit: avg 3/sec burst 5
LOG level warning prefix `IPKF flags SYN,RST: '
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG limit: avg 3/sec burst
5 LOG level warning prefix `IPKF SYN,RST,ACK,FIN,URG: '
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE limit: avg
3/sec burst 5 LOG level warning prefix `IPKF PORTSCAN (nmap NULL): '
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN/FIN,SYN
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:SYN,RST/SYN,RST
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN
0 0 LOG all -- eth0 any anywhere
anywhere state INVALID limit: avg 3/sec burst 5 LOG level
warning prefix `IPKF Invalid TCP flag: '
0 0 DROP all -- eth0 any anywhere
anywhere state INVALID
0 0 LOG all -f eth0 any anywhere
anywhere limit: avg 3/sec burst 5 LOG level warning prefix
`IPKF Fragmented Packet: '
0 0 DROP all -f eth0 any anywhere
anywhere
0 0 LOG icmp -- eth0 any anywhere
anywhere icmp timestamp-request limit: avg 3/sec burst 5 LOG
level warning prefix `IPKF ICMP Timestamp: '
0 0 DROP icmp -- eth0 any anywhere
anywhere icmp timestamp-request
0 0 syn-flood tcp -- eth0 any anywhere
anywhere tcp flags:FIN,SYN,RST,ACK/SYN
0 0 LOG tcp -- eth0 any anywhere
anywhere tcp flags:!SYN,RST,ACK/SYN state NEW limit: avg
3/sec burst 5 LOG level warning prefix `IPKF New Not SYN: '
0 0 DROP tcp -- eth0 any anywhere
anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
0 0 DROP tcp -- eth0 any anywhere
anywhere multiport dports netbios-ns,6666
0 0 DROP udp -- eth0 any anywhere
anywhere multiport dports ms-sql-m
0 0 REJECT tcp -- eth0 any anywhere
anywhere tcp dpt:auth reject-with tcp-reset

Chain OUTPUT (policy ACCEPT 3 packets, 120 bytes)
pkts bytes target prot opt in out source
destination
6646 1321K ACCEPT all -- any any anywhere
anywhere state RELATED,ESTABLISHED
513 31858 ACCEPT all -- any any anywhere
anywhere state NEW

Chain syn-flood (2 references)
pkts bytes target prot opt in out source
destination
4 192 RETURN all -- any any anywhere
anywhere limit: avg 10/sec burst 24
0 0 LOG all -- any any anywhere
anywhere limit: avg 3/sec burst 5 LOG level warning prefix
`IPKF SYN flood: '
0 0 DROP all -- any any anywhere
anywhere

I don't understand a lot of this, but those IP addresses are from
my /etc/ipkungfu/deny_hosts.conf file. Is this not actually blocking
them? I almost always read about connections from (a) recently-blocked
IP address(es) for a few hours after I block them in the hourly
logsentry reports...

--
gentoo-user@g.o mailing list
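
An added example, not part of the original message or of ipkungfu: one way to check from a rule listing whether each deny_hosts.conf address has a DROP rule, how many packets that rule has matched, and which ACCEPT rules are evaluated before it. It assumes single-line `iptables -L INPUT -v -n` output; the sample listing, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample of `iptables -L INPUT -v -n` output; the addresses are
# documentation ranges, not values from the message above.
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 7098 2517K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 DROP       all  --  eth0   *       192.0.2.10           0.0.0.0/0
   12   720 DROP       all  --  eth0   *       198.51.100.7         0.0.0.0/0
    2    96 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            state NEW multiport dports 21,22,25,80
"""

UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}  # iptables abbreviates large counters

def count(field):
    """Turn a counter such as '2517K' into an integer (rounded as iptables printed it)."""
    return int(field[:-1]) * UNITS[field[-1]] if field[-1] in UNITS else int(field)

def parse_chain(listing):
    """Return the rules of one chain in evaluation order."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        # Rule lines start with a packet counter; chain and column headers do not.
        if len(f) < 9 or not re.fullmatch(r"\d+[KMG]?", f[0]):
            continue
        rules.append({"pos": len(rules) + 1, "pkts": count(f[0]), "target": f[2],
                      "in": f[5], "source": f[7], "match": " ".join(f[9:])})
    return rules

def audit(rules, denied):
    """Report, per denied address, its DROP rule, hit count and earlier ACCEPT rules."""
    report = {}
    for ip in denied:
        drop = next((r for r in rules
                     if r["target"] == "DROP" and r["source"] == ip), None)
        if drop is None:
            report[ip] = {"rule": None, "pkts": 0, "accepted_before": []}
            continue
        # Rules are evaluated top-down: an earlier ACCEPT open to any source takes
        # the packets it matches (e.g. established connections) before the DROP.
        earlier = [r["pos"] for r in rules[:drop["pos"] - 1]
                   if r["target"] == "ACCEPT" and r["source"] == "0.0.0.0/0"
                   and r["in"] in ("*", drop["in"])]
        report[ip] = {"rule": drop["pos"], "pkts": drop["pkts"],
                      "accepted_before": earlier}
    return report

if __name__ == "__main__":
    denied = ["192.0.2.10", "198.51.100.7", "203.0.113.5"]  # constructed deny list
    for ip, result in audit(parse_chain(SAMPLE), denied).items():
        print(ip, result)
```

A packet count of 0 on a DROP rule means no packet from that source has reached the rule since the counters were last reset. An entry in `accepted_before` means packets matching that earlier rule are accepted before the DROP is evaluated.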