[wellylug] Blocking bad IPs from server

Jethro Carr jethro.carr at jethrocarr.com
Fri Jan 26 23:49:49 NZDT 2007


On Fri, 2007-01-26 at 19:55 +1300, Cliff Pratt wrote: 
> You can use blacklists without the ipsets. Admittedly I only block a few 
> addresses. Personally, I don't see the point of huge IP address lists - 
> they change all the time.

I don't bother blocking access to my website (except for the login
functions, which have brute-force protection), and I have no problem with
any IP viewing my site, unless I caught a certain IP repeatedly abusing
something.


However, in regards to blocking system services (eg: SSH), what I
believe is the best policy, is to block EVERYTHING and only allow
traffic that you trust, rather than setting up rules for known bad
servers, etc - because you will never have all the bad servers listed as
they change all the time - but it's way easier to have all the good ones
listed. :-)

This approach also means you will have far fewer rules in your firewall,
and if no blacklisting is used, there is no chance of accidentally
getting your own IP blacklisted because you had a typo in your password
3 times in a row. :-)


-- 
Jethro Carr

www.jethrocarr.com
www.jethrocarr.com/index.php?page=cv/cv.php
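The allow-list approach described in the message above, as an added example that is not part of the original post: a shell function that prints (rather than applies) an iptables ruleset for SSH which accepts only the listed source networks and drops everything else, plus a guard that refuses to emit rules unless the administrator's own address is on the list. The chain name, the sample addresses and the exact-string lockout check are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Prints an allow-list-only
# ruleset for SSH; review the output before piping it to sh.
# Usage: ssh_allowlist_rules "<space-separated CIDRs>" [port] [admin-cidr]

ssh_allowlist_rules() {
  trusted="$1"
  port="${2:-22}"
  admin="$3"
  # Lockout guard (assumed behaviour): the admin's own entry must appear
  # verbatim in the list. This is a string match, not CIDR containment,
  # so a /32 inside a listed /24 is still rejected; list it explicitly.
  if [ -n "$admin" ]; then
    case " $trusted " in
      *" $admin "*) ;;
      *) echo "refusing: $admin is not in the allow-list" >&2; return 1 ;;
    esac
  fi
  # Dedicated chain so the SSH policy is isolated from the rest of INPUT.
  echo "iptables -N SSH_ALLOW"
  echo "iptables -F SSH_ALLOW"
  # Sessions already open keep working even if the list shrinks later.
  echo "iptables -A SSH_ALLOW -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  echo "iptables -A SSH_ALLOW -i lo -j ACCEPT"
  for cidr in $trusted; do
    echo "iptables -A SSH_ALLOW -s $cidr -j ACCEPT"
  done
  # Default deny: anything not listed above is dropped; no blacklist needed.
  echo "iptables -A SSH_ALLOW -j DROP"
  # Hand all SSH traffic to the chain.
  echo "iptables -A INPUT -p tcp --dport $port -j SSH_ALLOW"
}

# Constructed sample: two trusted networks (documentation ranges).
ssh_allowlist_rules "203.0.113.10/32 198.51.100.0/24" 22 203.0.113.10/32
```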