Joined: 31 Aug 2009 Posts: 2448 Location: Third Rock from the Sun
Posted: Fri Jul 02, 2010 22:12 Post subject:
I am getting hammered on my http server and have added what I thought was the right subnet to asia.spam, stopped and restarted asiablock, yet it still persists.
Joined: 24 Aug 2009 Posts: 2070 Location: South Florida
Posted: Fri Jul 02, 2010 22:28 Post subject:
Dark_Shadow wrote:
I am getting hammered on my http server and have added what I thought was the right subnet to asia.spam, stopped and restarted asiablock, yet it still persists.
_________________ Optware, the Right Way
Asus RT-AC68U
Asus RT-N66U
Asus RT-N10
Asus RT-N12
Asus RT-N16 x5
Asus WL520gU
Engenious ECB350
Linksys WRT600Nv1.1
Linksys WRT610Nv1
Linksys E2000
Netgear WNDR3300
SonicWall NSA220W
SonicWall TZ215W
SonicWall TZ205W
SonicWall TZ105W
Joined: 31 Aug 2009 Posts: 2448 Location: Third Rock from the Sun
Posted: Sat Jul 03, 2010 2:24 Post subject:
I don't understand, I've tried both ways and I know that asiablock is doing something with it cause it adds entries next to the subnet I have added. But neither is blocking that IP address.
EDIT:
193.170.208.0/22 in asia.spam is working. The IP address is being blocked. Don't understand why it took so long.
_________________ Peacock Thread-FAQ -- dd-wrt Wiki
I am getting hammered on my http server and have added what I thought was the right subnet to asia.spam, stopped and restarted asiablock, yet it still persists.
Yes and No....
You are supposed to use the subnet given in "inetnum" not the one in route....
But it depends on the provider and what you want.... _________________ Asus RT16N + OTRW
Kingston 4GB USB-disk 128 MB swap + 1.4GB ext3 on /opt + 2 GB ext3 on /mnt
Copperjet 1616 modem in ZipB-config
Asterisk, pixelserv & Pound running on router
Another Asus RT16N as WDS-bridge
Posted: Wed Sep 01, 2010 14:46 Post subject: question on asia.spam
So I noticed that someone was trying to get in through ssh and I wanted to block the IP.
Following the example I did:
echo 217.219.115.0/18>>/opt/etc/asia.spam
and checked to see it's in /opt/etc/asia.spam
then restarted firewall with service asiablock start
but now when I check the file /opt/etc/asia.spam the entry I put there is gone, and when I grep iptables I don't see the IP starting with 217 at all.
Joined: 24 Aug 2009 Posts: 2070 Location: South Florida
Posted: Wed Sep 01, 2010 16:19 Post subject: Re: question on asia.spam
niagafall wrote:
So I noticed that someone was trying to get in through ssh and I wanted to block the IP.
Following the example I did:
echo 217.219.115.0/18>>/opt/etc/asia.spam
and checked to see it's in /opt/etc/asia.spam
then restarted firewall with service asiablock start
but now when I check the file /opt/etc/asia.spam the entry I put there is gone, and when I grep iptables I don't see the IP starting with 217 at all.
Any idea what I'm doing wrong?
Thanks
When you restarted the asiablock service AFTER entering the new IP block, did it register an output and Download a new IP block list?
Posted: Wed Oct 27, 2010 4:13 Post subject: Trying to run asiablock and stophammer with no luck
I installed optware and want to run asiablock and stophammer. I enabled the services and then I start asiablock. The script does some activity and then it ends with
S95asiablock: /opt/etc/iptables.asia is not executed in rc_firewall, I will add it!
S95asiablock: Stop iptables
S95asiablock: Start iptables
Bad argument `NEW'
S95asiablock: It took 6 seconds to load 367 rules into iptables
I check iptables and there is nothing added. Same error happens when I disable asiablock or stophammer services.
S95asiablock: iptables.asia will be removed from rc_firewall
S95asiablock: Stop iptables
S95asiablock: Start iptables
Bad argument `NEW'
Posted: Wed Oct 27, 2010 6:09 Post subject: Re: Trying to run asiablock and stophammer with no luck
Vess wrote:
I installed optware and want to run asiablock and stophammer. I enabled the services and then I start asiablock. The script does some activity and then it ends with
S95asiablock: /opt/etc/iptables.asia is not executed in rc_firewall, I will add it!
S95asiablock: Stop iptables
S95asiablock: Start iptables
Bad argument `NEW'
S95asiablock: It took 6 seconds to load 367 rules into iptables
I check iptables and there is nothing added. Same error happens when I disable asiablock or stophammer services.
S95asiablock: iptables.asia will be removed from rc_firewall
S95asiablock: Stop iptables
S95asiablock: Start iptables
Bad argument `NEW'
Any ideas? Thanks in advance.
Check your rc_firewall.
You are also using some of your own rules.
I think it doesn't support the method 'NEW' which is used in many examples....
If a line comes after the 'ESTABLISHED, RELATED' it's implicitly a NEW connection...
Posted: Wed Oct 27, 2010 14:47 Post subject: Re: question on asia.spam
niagafall wrote:
So I noticed that someone was trying to get in through ssh and I wanted to block the IP.
Following the example I did:
echo 217.219.115.0/18>>/opt/etc/asia.spam
and checked to see it's in /opt/etc/asia.spam
then restarted firewall with service asiablock start
but now when I check the file /opt/etc/asia.spam the entry I put there is gone, and when I grep iptables I don't see the IP starting with 217 at all.
Any idea what I'm doing wrong?
Thanks
217.219.115.0/18 is not a valid network address
It's an odd number (115), so it can't be less than a /24
My script does some sanity-checks and it will throw out that line.
ipcalc -n 217.219.115.0/18
NETWORK=217.219.64.0
You need to use 217.219.64.0/18 or 217.219.115.0/24 depending on what you want.....
Check this to find out how the CIDR-notation works:
http://en.wikipedia.org/wiki/CIDR_notation
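The kind of sanity check described in the post above, as an added example (not the S95asiablock script's own code, and not part of the original thread): it recomputes the network address the way `ipcalc -n` does and flags entries whose address has host bits set. The function names are hypothetical, and a shell with 64-bit arithmetic is assumed.

```shell
#!/bin/sh
# Added example: reject blocklist entries whose address has host bits set.
# Function names are hypothetical; assumes a shell with 64-bit arithmetic.

# ip_to_int A.B.C.D -> prints the address as an integer; non-zero if malformed
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac          # no leading zeros (octal)
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_network A.B.C.D/N -> prints the true network, like `ipcalc -n`
cidr_network() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1##*/}
    case "$bits" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "${#bits}" -le 2 ] && [ "$bits" -le 32 ] || return 1
    n=$(ip_to_int "$addr") || return 1
    if [ "$bits" -eq 0 ]; then mask=0
    else mask=$(( (4294967295 << (32 - $bits)) & 4294967295 )); fi
    net=$(( n & mask ))
    echo "$(( net >> 24 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$bits"
}

# check_entry CIDR -> 0 valid network address, 1 host bits set, 2 malformed
check_entry() {
    want=$(cidr_network "$1") || return 2
    [ "$want" = "$1" ]
}

# Entries taken from the thread above
for e in 217.219.115.0/18 217.219.64.0/18 217.219.115.0/24 193.170.208.0/22; do
    if check_entry "$e"; then
        echo "keep  $e"
    else
        echo "drop  $e (network address is $(cidr_network "$e"))"
    fi
done
```

Running such a check on a line before appending it to /opt/etc/asia.spam shows up front whether the entry is a valid network address or needs correcting to the printed one.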
- access asterisk outside from my Lan but only from France (I modified S95asiablock with "noAsia="fr")
- try to block bruteforce Asterisk hacks with limiting connections attempts to 3/mn.
This morning I had a brute force attack from UK [213.174.xxx.xxx] ...
Where am I wrong ... Is Frater somewhere out there ??
- access asterisk outside from my Lan but only from France (I modified S95asiablock with "noAsia="fr")
- try to block bruteforce Asterisk hacks with limiting connections attempts to 3/mn.
This morning I had a brute force attack from UK [213.174.xxx.xxx] ...
Where am I wrong ... Is Frater somewhere out there ??
Thanks
This is how your firewall should look. Frater's fixtables script negates the use of these first two lines (bottom to top):
Furthermore, why are you using the stateless UDP as the protocol?
Quote:
(I modified S95asiablock with "noAsia="fr")
It should be ISO-ham "fr"