
[no subject]



I religiously block IPs that exhibit strange behavior (port scans, spam,
formmail, x90, etc.), and I have iptables rules to LOG further attempts
(it all adds up). I divide the blocks up between ALL, HTTP, and SMTP, so
someone that port maps a mailserver can still visit websites, and
someone who bongs a webserver can still send good email. The ALL list
is derived from bot reports, etc.

As of this point in time here are copies of the lists:

<a rel="nofollow" href="http://jimpop.net/stuff/block-all">http://jimpop.net/stuff/block-all</a>
<a rel="nofollow" href="http://jimpop.net/stuff/block-http">http://jimpop.net/stuff/block-http</a>
<a rel="nofollow" href="http://jimpop.net/stuff/block-smtp">http://jimpop.net/stuff/block-smtp</a>

I have yet to hear one complaint from any user that I have blocked a
legitimately used IP address.

Here's a script that I use to pull data out of apache logs and spit out
a list of IP addresses to HTTP block.
---------------
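# Private temp file instead of a predictable name in the current directory.
TEMP=$(mktemp) || exit 1
# Request paths that only scanners and form-mail abusers ask for.
PROBES='FormMail.cgi|FormMail.pl|cltreq.asp|_vti_bin|_vti_inf|apage.cgi'
PROBES="$PROBES|auctions.cgi|awstats|ctpub_adserv.cgi|formmail.cgi|formmail.pl"
PROBES="$PROBES|imgannot.cgi|includer.cgi|openwebmail|proxyjudge.cgi"
PROBES="$PROBES|tellafriend.pl|upload2.cgi"
# error_log hits: keep only the address inside "[client ...]".
grep -E "$PROBES" /var/log/httpd/error_log* |
    sed -e 's/.* \[client \([^]]*\)\].*/\1/' > "$TEMP"
# Access-log SEARCH requests containing x90: keep the leading address.
sed -e "s/SEARCH.*x90.*/BLOCK-IP/" /var/log/httpd/*_log* | grep BLOCK-IP |
    sed -e 's/ - - .*//' >> "$TEMP"
sort -u "$TEMP"
rm -f "$TEMP"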
----------------


>
> On the same topic does anyone know the max number of ppp interfaces?
>
> On Thu, 2005-06-02 at 17:04, Jim Popovitch wrote:
> > Are there any known limits to the number of rules in iptables?  I
> > currently have about 27000+ rules, with no noticeable issues.  What's
> > the upper limit, if there is any, and what are the limiting factors?
> >
> > Thx,
> >
> > -Jim P.
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > <a rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale">http://www.ale.org/mailman/listinfo/ale</a>


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
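Added example, not part of the original post or the poster's own scripts: one way to turn a per-service block list like the HTTP list above into iptables-restore input, using one rule per address and a shared log-then-drop chain. The chain names, log prefix, sample addresses and the loading commands in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Chain names, the log prefix
# and the sample addresses are assumptions made for illustration.

# gen_block_chain NAME: read one IPv4 address per line on stdin and print
# iptables-restore input for a chain BLOCK-NAME. Each address costs one
# rule; a shared LOGDROP-NAME chain does the LOG and then the DROP.
# Anything that is not a plain dotted quad is skipped, so a leftover log
# fragment never reaches the ruleset. Duplicate addresses are dropped.
gen_block_chain() {
    name=$1
    printf '%s\n' '*filter' ":BLOCK-$name - [0:0]" ":LOGDROP-$name - [0:0]"
    printf '%s\n' "-A LOGDROP-$name -j LOG --log-prefix \"BLOCK-$name: \""
    printf '%s\n' "-A LOGDROP-$name -j DROP"
    awk -v n="$name" '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($0, o, ".")
            for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
            if (seen[$0]++) next
            printf "-A BLOCK-%s -s %s/32 -j LOGDROP-%s\n", n, $0, n
        }'
    printf '%s\n' COMMIT
}

# Constructed sample list: two good addresses, a duplicate, an octet out
# of range and a raw error_log fragment.
sample_list() {
    printf '%s\n' 192.0.2.10 198.51.100.7 192.0.2.10 203.0.113.999 \
        '[client 192.0.2.44] File does not exist'
}

# Print the ruleset for the sample. On a real host (assumed usage):
#   gen_block_chain HTTP < block-http | iptables-restore --noflush
#   iptables -I INPUT -p tcp --dport 80 -j BLOCK-HTTP    # once
sample_list | gen_block_chain HTTP
```

Because the per-address rules live in their own chain, only HTTP traffic walks the HTTP list, which keeps the cost of a long list off unrelated packets.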
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00104" href="msg00104.html">[ale] iptables limits?</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
<li><strong><a name="00105" href="msg00105.html">[ale] iptables limits?</a></strong>
<ul><li><em>From:</em> cfowler at outpostsentinel.com (Christopher Fowler)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
</body>
</html>