Simplest way to deny access to a class C

Fri Mar 4 13:51:04 UTC 2011

On 4 March 2011 02:43, Jorge Biquez <jbiquez at intranet.com.mx> wrote:

> Thank you all for your time and comments.
>
> I guess that I will install a firewall, that way I can also block those
> Class C's from sending tons of emails to non existing accounts....
> I will read the website to see the best options.  Any suggestion is more
> than welcome.
>
> Jorge Biquez
>
>
> At 06:02 p.m. 03/03/2011, you wrote:
>
>> Be careful of automated responses.  What if someone spoofs IP's of legit
>> users / customers / whatever and your automated response blocks them?  Not
>> good.
>>
>> I thought about blocking....well, never mind - might pi$$ someone off and
>> attract unwanted attention...
>>
>> -----Original Message-----
>> From: owner-freebsd-questions at freebsd.org [mailto:
>> owner-freebsd-questions at freebsd.org] On Behalf Of Patrick Gibson
>> Sent: Thursday, March 03, 2011 5:58 PM
>> To: Jorge Biquez
>> Cc: freebsd-questions at freebsd.org
>> Subject: Re: Simplest way to deny access to a class C
>>
>> You might consider mod_security (/usr/ports/www/mod_security) which
>> can be set up to ban hosts based on behaviour or characteristics.
>>
>> Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in
>> that it scans whatever logs you want, and can trigger a block in your
>> firewall if enough violating log entries are found within a particular
>> period of time. Everything is totally configurable, and there are
>> plenty of examples that come with it.
>>
>> Patrick
>>
>>
>> On Thu, Mar 3, 2011 at 8:59 AM, Jorge Biquez <jbiquez at intranet.com.mx>
>> wrote:
>> > Hello all.
>> >
>> > I am sorry in advance if this question sounds too stupid.
>> >
>> > I have a small server for personal use of webpages running:
>> >
>> > 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0
>> >
>> > it is working fine , no problem very stable.
>> >
>> > I just need to block some IP class C address that are always trying to
>> > "discover" directories or applications under the web server. They do not
>> do
>> > and can not do anything since this server has nothing installed but i am
>> > tired of seeing in the logs all the intents they do every 2-3 seconds.
>> >
>> > I have not installed any kind of firewall yet.
>> > What do you think is the best way to accomplish this task? If possible
>> the
>> > easiest one. I do not want to do anything else but just bloc IP's, at
>> this
>> > moment at least.
>> >
>> > Thanks in advance.
>> >
>> > Jorge Biquez
>> >
>> > _______________________________________________
>> > freebsd-questions at freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> > To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe at freebsd.org"
>> >
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe at freebsd.org"
>>
>>
>>
>>
>>
>> <font size="1">
>> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in
>> 0in 1.0pt 0in'>
>> </div>
>> "This email is intended to be reviewed by only the intended recipient
>>  and may contain information that is privileged and/or confidential.
>>  If you are not the intended recipient, you are hereby notified that
>>  any review, use, dissemination, disclosure or copying of this email
>>  and its attachments, if any, is strictly prohibited.  If you have
>>  received this email in error, please immediately notify the sender by
>>  return email and delete this email from your system."
>> </font>
>>
>> _______________________________________________
>> freebsd-questions at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "
>> freebsd-questions-unsubscribe at freebsd.org"
>>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at freebsd.org"
>

you might wamt to look at geoip as well. you can open  up services to specif
regions then, or block other regions. Can be controversial though.