SoloCDM wrote: > I went to whois and found the location of the offenders. Or maybe (more likely) you just found the location of another of the boxes that they've cracked. > I had another attack form a different source: > > ftpd[8877]: getpeername (in.ftpd): Transport endpoint is not connected > telenetllc03.erols.com This isn't necessarily an attack; this just means that the connection was terminated shortly after it was established (e.g. the user clicks on a link, changes their mind, then hits the "Stop" button). > I just added the following line to /etc/hosts.deny. Will it stop any > of the attacks? > > in.telnetd, in.ftpd, in.tftpd, in.fingerd: ALL EXCEPT LOCAL, > .[domain].net hosts.deny should contain "ALL: ALL"; you then explicitly allow access via hosts.allow. -- Glynn Clements <glynn@sensei.co.uk> - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
