help me with this ip (in linux)

tontod

Diamond Member
Oct 12, 1999
Hi, I have a Linux machine at a remote location. Someone has been repeatedly trying to FTP in, but the service is off, i.e. can't FTP in. Each time there is a denial, I (root) get an email. This guy seems to be trying to connect like every few seconds: 148.221.197.105. Doing an nslookup I get du-148-221-197-105.prodigy.net.mx. Any ideas on how I can report this guy? He attempts a connect like once every 10 seconds or so. It is killing the net connection on the machine. Let me know if anyone can help. Thanks.
 

ddiccico

Senior member
Jan 10, 2001
AFAIK, trying to FTP to a machine is not illegal. This is not Prodigy, it's a Mexican ISP, so even if he was doing something wrong it would be tough to nail him.
 

BOFH

Senior member
Dec 31, 1999
ipchains -A input 148.221.197.105/32 -j DENY

should stop all traffic from that IP rather quickly, assuming you're running a 2.2 kernel and are root
 

tontod

Diamond Member
Oct 12, 1999
ddiccico: I know it's not illegal, but getting a request every 5 seconds is causing problems on the machine.

BOFH: thanks, I'll try that.

Edit: BOFH, that didn't work. I do have the 2.2 kernel and support for ipchains.
 

BOFH

Senior member
Dec 31, 1999
tontod

You're right. That's what I get for saying stuff when I'm too tired. Try


ipchains -A input -s 148.221.197.105/32 -j DENY

Notice the -s telling it where it's coming from :)
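
The corrected rule above, generated from log data instead of typed by hand; this is an added example, not part of the original posts. The log lines are constructed and assume tcp_wrappers-style "refused connect from" syslog entries, and `sample_log` and `deny_rules` are hypothetical names.

```shell
#!/bin/sh
# Added example: count refused connections per source address and print
# (not run) one ipchains DENY rule for each source at or above a threshold.

# Constructed sample input. Assumption: denials are logged by tcp_wrappers
# as "refused connect from <source>".
sample_log() {
cat <<'EOF'
Feb  3 04:10:01 host in.ftpd[2101]: refused connect from 148.221.197.105
Feb  3 04:10:11 host in.ftpd[2103]: refused connect from 148.221.197.105
Feb  3 04:10:15 host in.ftpd[2104]: refused connect from 192.0.2.10
Feb  3 04:10:21 host in.ftpd[2105]: refused connect from 148.221.197.105
Feb  3 04:10:25 host sshd[2106]: Accepted password for root from 192.0.2.20
Feb  3 04:10:31 host in.ftpd[2107]: refused connect from 148.221.197.105
Feb  3 04:10:35 host in.ftpd[2108]: refused connect from du-148-221-197-105.prodigy.net.mx
Feb  3 04:10:41 host in.ftpd[2109]: refused connect from 148.221.197.105
EOF
}

# deny_rules THRESHOLD
# Reads log lines on stdin and prints one rule per offending source.
deny_rules() {
  awk -v min="$1" '
    # Accept only a dotted-quad IPv4 address with octets 0-255, so that
    # nothing else taken from a log line can end up inside a firewall rule.
    function ipv4(s,   o, n, i) {
      if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 0
      n = split(s, o, ".")
      for (i = 1; i <= n; i++) if (o[i] > 255) return 0
      return 1
    }
    /refused connect from/ { if (ipv4($NF)) count[$NF]++ }
    END {
      for (ip in count)
        if (count[ip] >= min)
          # -s matches on the source address, as in the corrected command
          printf "/sbin/ipchains -A input -s %s/32 -j DENY\n", ip
    }' | sort
}

# Print rules for any source refused at least 3 times in the sample.
sample_log | deny_rules 3
```

Review the printed rules before running them as root; sources logged by hostname rather than address are skipped on purpose.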

 

Damaged

Diamond Member
Oct 11, 1999
Yes, you're going to have to compile the firewall options into the kernel. Though, if you're running a stock kernel this is usually already in there on distros like RH and Mandrake.

What exactly didn't work though? If it's just a command not found then you should try /sbin/ipchains <blah>. It just may not be in your path. Also you need to be root when you issue this command.