Jump to content
When you buy through links on our site, we may earn an affiliate commission.

  • Current Donation Goals

FreeBSD Security Question

freddy333

By freddy333
in General Discussion

 Share

Recommended Posts

freddy333 Proficient

freddy333

Posted
Posted

This is for those who're FreeBSD Unix system admins:
Is there a way to drop/disconnected an IP addresss on-the-fly?

 

I've got an old server running FreeBSD 4.11, which, for a variety of reasons, cannot be upgraded to current kernel (long story). So, we're stuck dealing with it as-is. The server's been running without incident for ~18 years and has never suffered a breach or internal security issue. Trouble-makers are routinely added to our ipf firewall's deny list, which does a good job of keeping them away. However, this one (46.229.168... Advanced Hosters of Netherlands), although blocked at the firewall, is constantly banging on the site (currently pinging 40+ ports with variations of the core IP (e.g., 46.229.168.74, 46.229.168.72, 46.229.168.68, et al) and they're beginning to bog-down our connection.

 

Another server's running BSD 6.x, with tcpdrop, which makes dropping offending IPs like AH easy. But, unfortunately, the BSD 4.11 doesn't include tcpdrop, so I'm looking to find an alternative way of dropping IP connections.

 

Anyone?

  • Like 1
Link to comment
Share on other sites
Beau7816 Collaborator

Beau7816

Posted
Posted
This is for those who're FreeBSD Unix system admins:
Is there a way to drop/disconnected an IP addresss on-the-fly?
 
I've got an old server running FreeBSD 4.11, which, for a variety of reasons, cannot be upgraded to current kernel (long story). So, we're stuck dealing with it as-is. The server's been running without incident for ~18 years and has never suffered a breach or internal security issue. Trouble-makers are routinely added to our ipf firewall's deny list, which does a good job of keeping them away. However, this one (46.229.168... Advanced Hosters of Netherlands), although blocked at the firewall, is constantly banging on the site (currently pinging 40+ ports with variations of the core IP (e.g., 46.229.168.74, 46.229.168.72, 46.229.168.68, et al) and they're beginning to bog-down our connection.
 
Another server's running BSD 6.x, with tcpdrop, which makes dropping offending IPs like AH easy. But, unfortunately, the BSD 4.11 doesn't include tcpdrop, so I'm looking to find an alternative way of dropping IP connections.
 
Anyone?

I know a guy in NASA that talks like you ??

Sent from my SM-G935F using Tapatalk

Link to comment
Share on other sites
freddy333 Proficient

freddy333

Posted
  • Author
Posted
2 hours ago, rails said:

Could you call your ISP and get a new static IP for the box?

 

Changing the IP would muck up our domain name translation, and I was finally able to blackhole the miscreant, thus eliminating the problem.

Thank you.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...
Please Sign In or Sign Up