Blocking Ip address ranges
Tim Alberts
talberts at msiscales.com
Tue Jan 25 17:36:54 UTC 2005
I can agree they're most likely probes rather than attacks (of course a
probe that finds a weekness becomes an attack..) can't the logging level
just be turned down? Not quite as safe, but could get you to the
content you need to deal with quicker? Perhaps split the logging into
two separate logs, emergency and warning levels? Just abstract
thought...I have no idea how to accomplish either suggestion?
On Tue, 2005-01-25 at 11:32 -0600, Thomas Cameron wrote:
> On Tue, 2005-01-25 at 17:27 +0000, Robert Slade wrote:
> > Hiya,
> >
> > I'm using FC2 and my Web Server keeps getting attacked by from a number
> > of sources (Korea, China, France) which is filling the logs up with
> > rubbish. I have been adding the IP addresses to IPtables, but it is a
> > bit of a pain to keep doing this as there are quite a few attacks from
> > different IPs. Is there an easy way of doing this? I'm thinking of
> > setting up a rule in Iptables to point to a file which I can easily add
> > the IP addresses that I need to block. Is this possible and what would
> > be the syntax?
> >
> > Thanks
> >
> > Rob
>
> I tried this years ago, and quickly found that I could never keep up.
> These "attacks" (usually more probes than outright attacks) come from
> all over the globe.
>
> Me personally, I just live with the log entries.
>
> Thomas
>
More information about the fedora-list
mailing list