similar to: Netfilter fails to filter traffic from a netblock?

On Sun, Apr 19, 2020 at 9:26 AM Anand Buddhdev <anandb at ripe.net> wrote: > > On 19/04/2020 14:58, Jeffrey Walton wrote: > > Hi Jeffrey, > > > The offending host is 59.64.129.175. To err on the side of caution we > > attempted to block the entire netblock. According to whois data, > > that's 59.64.128.0-59.64.159.255. > > > > iptables -A

On Sun, Apr 19, 2020 at 8:58 AM Jeffrey Walton <noloader at gmail.com> wrote: > > Hi Everyone, > > We rent a CentOS 7 VM from GoDaddy. We received a warning about > excessive cpu usage, and a threat to cancel our service. We tracked it > down to Apache and someone hammering our web server. > > The offending host is 59.64.129.175. To err on the side of caution we >

On 19/04/2020 14:58, Jeffrey Walton wrote: Hi Jeffrey, > The offending host is 59.64.129.175. To err on the side of caution we > attempted to block the entire netblock. According to whois data, > that's 59.64.128.0-59.64.159.255. > > iptables -A INPUT -s 59.64.128.0/19 -p TCP -j DROP > > After reboot cpu usage is still high and access_log still shows > useless

Thought it might also be helpful to confirm that firewalld is not interfering in any way. what is the output of ~$# systemctl status firewalld On Sun, Apr 19, 2020 at 9:30 AM Jeffrey Walton <noloader at gmail.com> wrote: > > On Sun, Apr 19, 2020 at 9:26 AM Anand Buddhdev <anandb at ripe.net> wrote: > > > > On 19/04/2020 14:58, Jeffrey Walton wrote: > > >

On Sun, Apr 19, 2020 at 9:40 AM Mike <1100100 at gmail.com> wrote: > > Thought it might also be helpful to confirm that firewalld is not > interfering in any way. > > what is the output of ~$# systemctl status firewalld Thanks Mike. # systemctl status firewalld Unit firewalld.service could not be found. Jeff

On 19/04/2020 15:30, Jeffrey Walton wrote: > Ugh, thanks. I did not realize the changes were only temporary. > > What is the recommended way to permanently add a ban rule? On CentOS 7, the default firewall is "firewalld", and you can configure it with "firewall-cmd". You can use it to add temporary or permanent rules. You can read the man page of that to learn how

Some lists and emails are distributed via ns1.samba.org. For those of you that use ORBS, you'll find it is blacklisted now. There is no mention of it on the website and it doesn't return a positive when you enter it for testing but it has slipped into the ORBS blacklist somewhere. Samba.org admins may wish to force all ns1 outbound email via another netblock, bringing it up to ORBS only

Hi, I have a question. I have a routeable /24 netblock including a server at a colocation and I would like to use tincd to tunnel part of that netblock to an internal network on another location being connected to the internet via gateway with DSL link and a single static IP address, so I can use public routable IP addresses on the local network. I have tincd 1.0 pre7 installed on both the local

CentOS-6.5 i86_64 qemu-kvm-0.12.1.2-2.415.el6_5.4 MS-Windows v7proSP1 We have installed a MicroSoft Win7 system as a guest and have joined it to our MS AD domain. The system runs and has internet access. However, the IPv4 address it obtains and the gateway it is assigned are both sourced from the virtual machine host system and not from our AD DC DHCP server. To clarify, the virbr0 IP address

Sub:[LARTC] cbq init for one port on a subnet Hello, We use cbq.init to limit bandwidth. It works great on a per-user basis. Now I''d like to limit traffic from a netblock to the Internet on port 6699. Network is 192.168.0.160 mask 255.255.255.224 eth0 is the gateway eth1 connects the netblock in question Is this the proper syntax; DEVICE=eth0,10Mbit,1Mbit RATE=100Kbit

CentOS-6.6 We have a host that has multiple IPv4 addresses aliased to eth0. The primary address is 216.185.71.x and the alias is 192.168.6.x. This host connects to devices on both netblocks without problems. Only default routing is used and it looks like this: #ip route 192.168.6.0/24 dev eth0 proto kernel scope link src 192.168.6.x 216.185.71.0/24 dev eth0 proto kernel scope link src

This note is essentially a request for a reality check. I use IPFW & natd on the box that provides the interface between my home networks and the Internet; the connection is (static) residential DSL. I configured IPFW to accept & log all SSH "setup" requests, and use natd to forward such requests to an internal machine that only accepts public key authentication; that

I have a three interface network (net,loc,dmz). The internet interface (eth0) has a static IP. Windows machine in the local network (eth1) use DHCP to get IPs from the 192.168.10.0/24 netblock. The Debian machine in the DMZ (eth2) gets a fixed IP through DHCP in the 192.168.11.0/24 netblock. The DHCP server is running on the firewall machine (not ideal, I know, but that''s the way

Greetings, What are some registrars that members of this list have had good experience with? I was stepping through the godaddy checkout process, and being opted-in to a dozen different upsell features just left a bad impression. But I have no clue who else to go with. -Eugene -------------- next part -------------- An HTML attachment was scrubbed... URL:

I've been having some odd problems with samba and it's libsmb/nmblib parts. It seems to be trying to transmit data to the .63 of my netblock, i.e. the IP of the machine would be 24.240.60.20, it'd be trying to transmit to 24.240.60.63. I've changed IPs about 15 times since, and it does it to each different block I change to. If the IP of the local machine got changed to

I am seeing log file entries like this: IN=eth0 OUT=eth1 SRC=109.74.193.253 DST=x.y.z.34 LEN=122 TOS=0x00 PREC=0x00 TTL=48 ID=49692 PROTO=ICMP TYPE=3 CODE=3 [SRC=x.y.z.34 DST=109.74.193.253 LEN=94 TOS=0x00 PREC=0x00 TTL=53 ID=41330 PROTO=UDP SPT=34679 DPT=53 LEN=74 ] This is found on our gateway host. eth0 is the WAN i/f, eth1 is the LAN i/f. Our netblock is x.y.z.0/24. Can somebody tell me

Patch is below : diff -nru openssh-3.8.1p1/auth-options.c openssh-3.8.1p1-devs//auth-options.c --- openssh-3.8.1p1/auth-options.c Tue Jun 3 02:25:48 2003 +++ openssh-3.8.1p1-devs//auth-options.c Mon Feb 21 16:56:49 2005 @@ -265,6 +265,81 @@ xfree(patterns); goto next_option; } + +/* e.g: permitopenned="158.156.0.0/255.255.255.0:25[-1024]" + * note that part between [] is

I am contemplating converting some of our internal networks from routable to private IPv4 address space. I have a question about RIP as implemented under Cisco IOS 12.x. Presently the setting for rip is: router rip version 2 passive-interface [[FastEthernet]]0/0 network aaa.bbb.ccc.0 no auto-summary What I would like to know is how one routes the entire 192.168/16 address space using rip.

Robin Lynn Frank wrote: > I have an entire /8 blacklisted. The problem is there is a single IP in > it I want to exempt from this. Searching the web site, I note there > used to be (circa version 1.3) a whitelist feature, but I couldn''t find > a simple solution to what I want to do. > > What would be the bes/easiest way to accomplish this? I can''t think of a

I have rules like this on my servers: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[[:digit:].]{7,15}\]\) (- )USER [-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+ \[[[:digit:].]{7,15}\]\ to [[:digit:].]{7,15}:21$ basically, I just don't care about logins as nonexistent users, I get so many of those that I don't even