
hosts.deny problem

#1
07-16-2005, 01:47 PM



Hi all,

I hate to seem like I'm "crying wolf", but the following
hosts.deny is still letting the occasional person through.
My hosts.allow is empty. I am starting to wonder if there is
a software bug.

hosts.deny=

ALL EXCEPT sshd httpd: ALL

httpd, sshd: 80., 209., 210., 211., 212., 213., 214., 215., 216., 217.,
218., 60
.36., 195.70., 202., 203.,204.,205.,206.,207.,208.,201.

I've gotten people getting through this from 206.* and
other places.

Thanks for any advice.



scrunchy2k@yahoo.com
#2
07-16-2005, 02:01 PM
Bit Twister

On 16 Jul 2005 05:47:02 -0700, (E-Mail Removed) wrote:
> Hi all,
>
> I hate to seem like I'm "crying wolf", but the following
> hosts.deny is still letting the occasional person through.
> My hosts.allow is empty. I am starting to wonder if there is
> a software bug.
>
> hosts.deny=
>
> ALL EXCEPT sshd httpd: ALL
>
> httpd, sshd: 80., 209., 210., 211., 212., 213., 214., 215., 216., 217.,
> 218., 60
> .36., 195.70., 202., 203.,204.,205.,206.,207.,208.,201.
>
> I've gotten people getting through this from 206.* and
> other places.
>
> Thanks for any advice.


Just for fun I would move the ALL EXCEPT below the httpd line.
I would also move 206., in front of 80.,

Can we assume you did something like xinetd reload
or sent a hup to inetd to force re-reading /etc/host.allow/deny files?

#3
07-16-2005, 04:35 PM
Unruh

(E-Mail Removed) writes:

>Hi all,


>I hate to seem like I'm "crying wolf", but the following
>hosts.deny is still letting the occasional person through.
>My hosts.allow is empty. I am starting to wonder if there is
>a software bug.


>hosts.deny=


>ALL EXCEPT sshd httpd: ALL


>httpd, sshd: 80., 209., 210., 211., 212., 213., 214., 215., 216., 217.,
>218., 60
>.36., 195.70., 202., 203.,204.,205.,206.,207.,208.,201.


>I've gotten people getting through this from 206.* and
>other places.


>Thanks for any advice.


In hosts.deny put
ALL:ALL
In host.accept put
httpd,sshd: ....
If you really want what you have there, why not put the second line before
the first.

from man hosts.deny
The access control software consults two files. The search stops at
the first match:

Since any sshd matches the first line of your hosts.deny file (as being an
exception) I suspect it stops there. I.e., it never gets to your second line.

#4
07-16-2005, 04:36 PM
Unruh

Bit Twister <(E-Mail Removed)> writes:

>On 16 Jul 2005 05:47:02 -0700, (E-Mail Removed) wrote:
>> Hi all,
>>
>> I hate to seem like I'm "crying wolf", but the following
>> hosts.deny is still letting the occasional person through.
>> My hosts.allow is empty. I am starting to wonder if there is
>> a software bug.
>>
>> hosts.deny=
>>
>> ALL EXCEPT sshd httpd: ALL
>>
>> httpd, sshd: 80., 209., 210., 211., 212., 213., 214., 215., 216., 217.,
>> 218., 60
>> .36., 195.70., 202., 203.,204.,205.,206.,207.,208.,201.
>>
>> I've gotten people getting through this from 206.* and
>> other places.
>>
>> Thanks for any advice.


>Just for fun I would move the ALL EXCEPT below the httpd line.
>I would also move 206., in front of 80.,


>Can we assume you did something like xinetd reload
>or sent a hup to inetd to force re-reading /etc/host.allow/deny files?


The files are read on a case by case basis, not stored, AFAIK.


#5
07-16-2005, 09:23 PM
Moe Trin

In the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed). com>,
(E-Mail Removed) wrote:

>I hate to seem like I'm "crying wolf", but the following
>hosts.deny is still letting the occasional person through.


Possible syntax error (see below)

>My hosts.allow is empty. I am starting to wonder if there is
>a software bug.


I'd really recommend running in the opposite mode. Populate the
/etc/hosts.allow file, and set /etc/hosts.deny to just 'ALL: ALL'
In that way, if you make a mistake, the default is to deny, rather than
letting it fall all the way through and pass.

>httpd, sshd: 80., 209., 210., 211., 212., 213., 214., 215., 216., 217.,
>218., 60
>.36., 195.70., 202., 203.,204.,205.,206.,207.,208.,201.


Is that one line only? If not, the newlines have to be escaped.

You could simplify this using a mask value. 200.0.0.0/248.0.0.0 and
208.0.0.0/240.0.0.0 would cover the range 200.0.0.0 - 223.255.255.255
in just two entries, but a lot better solution would be to list the
blocks that you wish to _allow_ rather than those you wish to block.

For what it's worth, 195.70.x.x is allocated to seven different countries
(AT, CH, CZ, HU, NO, RU, UK), and 60.36 is part of 60.32.0.0/255.240.0.0
and allocated to JP.

>I've gotten people getting through this from 206.* and other places.


"through this" how? What daemon and application are they connecting to?

Personally, I block with the firewall, rather than tcp_wrappers.
Remember, not all applications use tcp_wrappers (either directly or
through libwrap) - but the firewall gets there first.

Old guy
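
What the unescaped newlines asked about in the post above would do to the posted rule, as an added example that is not part of the thread: a simplified Python model of hosts_access(5) matching, not libwrap itself. It assumes the line breaks shown in the post are really in the file and that a line with no ':' separator is skipped; the client addresses and the in.ftpd daemon name used to exercise it are sample values.

```python
# Added example: a simplified model of hosts_access(5) rule parsing, not libwrap.
import re

def _split(s):
    return [t for t in re.split(r"[,\s]+", s) if t]

def parse_rules(text):
    """Return (rules, rejected). Backslash-newline joins lines; a line with
    no ':' separator cannot be a rule and is set aside (model assumption)."""
    rules, rejected = [], []
    for line in text.replace("\\\n", "").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            rejected.append(line)
            continue
        daemons, clients = line.split(":", 1)
        rules.append((_split(daemons), _split(clients)))
    return rules, rejected

def daemon_match(tokens, daemon):
    if "EXCEPT" in tokens:  # list_1 EXCEPT list_2
        i = tokens.index("EXCEPT")
        return daemon_match(tokens[:i], daemon) and not daemon_match(tokens[i + 1:], daemon)
    return "ALL" in tokens or daemon in tokens

def client_match(patterns, addr):
    # Only ALL, exact strings and trailing-dot address prefixes are modelled.
    return any(p == "ALL" or p == addr or (p.endswith(".") and addr.startswith(p))
               for p in patterns)

def denied(deny_text, daemon, addr):
    """True if any hosts.deny rule matches (hosts.allow is empty, as in the post)."""
    rules, _ = parse_rules(deny_text)
    return any(daemon_match(d, daemon) and client_match(c, addr) for d, c in rules)

# Constructed input: the rules from the post, with its line breaks taken literally.
HEAD = "ALL EXCEPT sshd httpd: ALL\n"
RULE2 = ["httpd, sshd: 80., 209., 210., 211., 212., 213., 214., 215., 216., 217.,",
         "218., 60",
         ".36., 195.70., 202., 203.,204.,205.,206.,207.,208.,201."]
AS_POSTED = HEAD + "\n".join(RULE2) + "\n"   # unescaped newlines
ESCAPED = HEAD + "\\\n".join(RULE2) + "\n"   # each break escaped with a backslash

if __name__ == "__main__":
    for name, text in (("as posted", AS_POSTED), ("escaped", ESCAPED)):
        print(name, "sshd from 206.1.2.3 denied:", denied(text, "sshd", "206.1.2.3"),
              "| rejected lines:", len(parse_rules(text)[1]))
```

In this model the unescaped version ends the sshd/httpd rule at the first line break, so 206., 60.36. and everything else on the continuation lines is never applied, while the first rule never covers sshd because of its EXCEPT clause.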