blocking attempts to cmd.exe, ipblock 66.xxx.xxx.xxx [Archive]

View Full Version : blocking attempts to cmd.exe, ipblock 66.xxx.xxx.xxx

horoscopes2000

12-03-2001, 03:43 PM

I have noticed the code red worm cmd.exe attempts are starting to get out of hand on my RaQ3.

How do I block attempts from a certain IP address?

I noticed virtually 100% of these attempts come from 66.xxx.xxx.xxx

Who owns this 66 IPblock, and should I consider blocking everything that starts 66. ? If so, how would I do that?

Pingu

12-03-2001, 04:43 PM

That's a class A address and very few companies in the world actually own such an address. It's usually "divided" amongst many companies.

You can block it, but you'll be blocking 16,000,000 ip addresses

horoscopes2000

12-03-2001, 04:52 PM

Ah, perhaps I'd better not do that then. Thanks for the reply.

jahsh

12-03-2001, 05:29 PM

add the x.x.x.x IP address to /etc/hosts.deny
for more help:
man hosts.deny

huck

12-03-2001, 07:03 PM

Hosts.deny has nothing to do with the web server if your are running the web server as a standalone server. So using apache as a standalone server, adding entries to hosts.deny will NEVER prevent someone from getting in via httpd.

The Laughing Cow

12-03-2001, 07:13 PM

well if you could get to the nearest router you could install an ACL.