#1
    how to kill an IP who is browsing / download in apache server???


    how to kill an IP who is browsing / download ??


    if shutdown -r now or shutdown -h now, it is taking care "HACKER of the Notorious", but for "baby hacker". I want to kill that IP in a linux command.

    I do not wish to restart httpd!!!!!!!!!!


    any bright ideas are welcome!!!!
    regards,

    wish to use AT 89c51 single chip computer to do remote sensing and send the data back from woods to office via Nokia 3330 and internet. HOW?
    first I must revise C program thro' example, what's next?
  2. #2
    Why this topic again? This is like the third time you've asked.

    Go read about ipchains / iptables. It should be trivial to add a rule on a case-by-case basis from the command line.
  4. #3
    A quick iptables based solution may be something along the lines of:
    Code:
    iptables -A INPUT -p tcp -s the.ip.address.toblock -j REJECT --reject-with icmp-port-unreachable
    That'll prevent them from connecting to any service on your box... assuming you're running linux, with iptables.

    You could probably do something in an .htaccess file too... but that would only prevent connections to apache, not other services.
  6. #4
    First off, I don't know anything about iptables, since ipfilter is far more robust and mature.

    >> REJECT --reject-with icmp-port-unreachable

    That would be appropriate for udp packets. Echo reply with port-unr for TCP reveals to the other end that your port is actually open, which is an extremely bad way for any packet filter ruleset. The proper/secure way is to reply with RESET, in ipfilter, that's return-rst.

    I am not sure if iptables supports dynamic rulesets. In ipfilter, I can insert a dynamic rule on-the-fly to my 1st rule or group, without reloading my entire static rulesets. Of course, to make it permanent, I can insert it into my /etc/ipf.rules and reload it. This could be a way to avoid a DoS attack on Apache, but it's somewhat expensive to really implement it.
  8. #5
    freebsd,

    That's good stuff to know - I didn't realize that using port unreachable for tcp revealed that the port was open.

    Yes, iptables does support dynamic rules (if we're thinking of the same thing).
  10. #6
    auth/ident (tcp port 113) is a good example. If your ruleset blocks it without a reply or replies with port unreachable, that doesn't stop the timeout.
    The proper way is to send a TCP RESET so it doesn't time out at all. This is true for all tcp on any port (listening/not listening).
  12. #7
    Can you put it in a more simple and direct command, so that I can try out what you said?

    I must say again I am a newbie, and despite having made a running, working site, I still have many things to learn.
    regards,

    wish to use AT 89c51 single chip computer to do remote sensing and send the data back from woods to office via Nokia 3330 and internet. HOW?
    first I must revise C program thro' example, what's next?
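
The rule from post #3 with the reply type changed as posts #4 and #6 suggest, as an added example that is not part of any post in the thread: TCP from the blocked address gets a RST and UDP gets ICMP port-unreachable. The function names and the sample address 192.0.2.10 are assumptions made for the example, and it only prints the rules unless `--apply` is given.

```shell
#!/bin/sh
# Added example (not from the thread): per-address block rules for iptables.
# 192.0.2.10 below is a documentation address used as constructed sample input.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255,
# so nothing but digits and dots can ever reach the iptables command line.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules for one source address. -I puts them at the top of INPUT,
# ahead of any existing ACCEPT rule, without reloading the rest of the ruleset.
# TCP is answered with a RST (what a closed port sends); UDP with ICMP
# port-unreachable. Pass -D as the second argument to print the matching deletes.
block_rules() {
    is_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    if [ "${2:-}" = "-D" ]; then op="-D INPUT"; n1=""; n2=""
    else op="-I INPUT"; n1=" 1"; n2=" 2"; fi
    echo "iptables $op$n1 -s $1 -p tcp -j REJECT --reject-with tcp-reset"
    echo "iptables $op$n2 -s $1 -p udp -j REJECT --reject-with icmp-port-unreachable"
}

# Dry run by default: show the rules. With --apply (as root) run them.
block_ip() {
    rules=$(block_rules "$1") || return 1
    if [ "${2:-}" = "--apply" ]; then
        echo "$rules" | while read -r cmd; do $cmd || exit 1; done
    else
        echo "$rules"
    fi
}

block_ip 192.0.2.10    # prints the two rules, changes nothing
```

Rules added this way last until the next reboot or ruleset reload; `block_rules ADDR -D` prints the commands that remove them.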
