Re: Possible Cracker

From: Glynn Clements (glynn@sensei.co.uk)
Date: Fri Sep 22 2000 - 16:09:01 EST


SoloCDM wrote:

> I went to whois and found the location of the offenders.

Or maybe (more likely) you just found the location of another of the
boxes that they've cracked.

> I had another attack from a different source:
>
> ftpd[8877]: getpeername (in.ftpd): Transport endpoint is not connected
> telenetllc03.erols.com

This isn't necessarily an attack; this just means that the connection
was terminated shortly after it was established (e.g. the user clicks
on a link, changes their mind, then hits the "Stop" button).

> I just added the following line to /etc/hosts.deny. Will it stop any
> of the attacks?
>
> in.telnetd, in.ftpd, in.tftpd, in.fingerd: ALL EXCEPT LOCAL,
> .[domain].net

hosts.deny should contain "ALL: ALL"; you then explicitly allow access
via hosts.allow.

-- 
Glynn Clements <glynn@sensei.co.uk>
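
An added example, not part of the original message: the default-deny layout the reply describes, using the service names from the quoted rule. `.example.net` is a constructed placeholder for the trusted domain, which the original post elides.

```conf
# ---- /etc/hosts.deny ----
# Default deny: any wrapped service/client pair not matched in
# hosts.allow is refused. A deny rule naming only a few daemons
# leaves every other wrapped service open to all clients.
ALL: ALL

# ---- /etc/hosts.allow ----
# Consulted before hosts.deny; the first matching rule grants access.
# LOCAL matches host names that contain no dot.
# .example.net is a placeholder (assumption) for the trusted domain.
# A rule ends at the newline, so a wrapped rule needs a trailing
# backslash to continue onto the next line.
in.telnetd, in.ftpd, in.tftpd, in.fingerd: LOCAL, \
    .example.net
```

The tcp_wrappers tools `tcpdchk` and `tcpdmatch` can be used to check the rule files and to see how a given daemon and client would be matched.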

This archive was generated by hypermail 2b29 : Sat Sep 23 2000 - 21:00:33 EST