capnqwest
30th January 2005, 09:25 AM
Jan 29 00:45:02 localhost sshd[25443]: Failed password for root from ::ffff:207.96.146.43 port 45599 ssh2
Jan 29 00:45:12 localhost sshd[25447]: Address 207.96.146.43 maps to smtp2.visic.com, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
I've got this one machine that hammers my FC3 box sometimes up to 30,000 times per day and of course I'd like to block him. According to my security logs, he's the only threat at this point so I figured that just putting his host in my /etc/hosts.deny file would be the simplest solution. On this box, I'm running SSHD, HTTPD and a Samba server so I obviously need those ports open.
My question is whether or not my syntax is correct in my deny file. I've Googled the hell out of this but haven't seen a clear example. Here is my file:
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
207.96.146.43.deny
Is that correct if I just want to keep Mr. 207.96.146.43 out?
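Added example, not part of the original post. A tcp_wrappers rule has the form `daemon_list : client_list`, so a bare `207.96.146.43.deny` is not in a shape tcpd understands; the line that blocks this host from sshd is `sshd: 207.96.146.43` (or `ALL: 207.96.146.43` for every libwrap-aware service). Two caveats a practitioner would want: hosts.allow is consulted before hosts.deny, so an `ALL: ALL` there would override the deny; and only services linked against libwrap honour these files at all, so sshd will, Apache will not, and Samba uses its own `hosts deny` setting in smb.conf (a host-wide block belongs in iptables, e.g. `iptables -I INPUT -s 207.96.146.43 -j DROP`). The script below, written for this thread, runs the detection over constructed log lines modelled on the two quoted above, strips the `::ffff:` IPv4-mapped prefix sshd logs when it listens on an IPv6 socket, and emits correctly formed hosts.deny lines for any source over a threshold. The third and fourth log lines, the address 192.0.2.7 and the threshold value are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input: the first two lines mirror the ones quoted in the
# post, the last two are made up to show a second, below-threshold source.
SAMPLE_LOG = """\
Jan 29 00:45:02 localhost sshd[25443]: Failed password for root from ::ffff:207.96.146.43 port 45599 ssh2
Jan 29 00:45:12 localhost sshd[25447]: Address 207.96.146.43 maps to smtp2.visic.com, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Jan 29 00:45:20 localhost sshd[25451]: Failed password for invalid user test from ::ffff:207.96.146.43 port 45612 ssh2
Jan 29 00:46:03 localhost sshd[25460]: Failed password for root from 192.0.2.7 port 51000 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user test from ...".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)
# IPv4-mapped IPv6 address as logged by sshd on a dual-stack socket.
MAPPED_RE = re.compile(r"^::ffff:(\d{1,3}(?:\.\d{1,3}){3})$", re.IGNORECASE)


def normalize_addr(addr):
    """Strip the ::ffff: prefix so the numeric IPv4 address is what ends up
    in hosts.deny: '::ffff:207.96.146.43' -> '207.96.146.43'."""
    m = MAPPED_RE.match(addr)
    return m.group(1) if m else addr


def count_failures(log_text):
    """Count sshd 'Failed password' events per normalized source address.
    The reverse-DNS mismatch line is informational and is not counted."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[normalize_addr(m.group(2))] += 1
    return counts


def hosts_deny_rules(counts, threshold, daemon="sshd"):
    """Return hosts.deny lines in tcp_wrappers 'daemon_list : client_list'
    form for every source with at least `threshold` failures. Use
    daemon="ALL" to cover every libwrap-aware service instead of just sshd."""
    return [f"{daemon}: {addr}"
            for addr, n in sorted(counts.items()) if n >= threshold]


if __name__ == "__main__":
    failures = count_failures(SAMPLE_LOG)
    for addr, n in failures.most_common():
        print(f"{addr:<16} {n} failed logins")
    print("# lines to append to /etc/hosts.deny:")
    for rule in hosts_deny_rules(failures, threshold=2):
        print(rule)
```

After appending the emitted line, verify it the way tcpd itself will evaluate it, with `tcpdmatch sshd 207.96.146.43` from the tcp_wrappers package, which prints whether access would be granted or denied; no restart of sshd is needed because the files are read on every connection.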