<HTML>
<HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="OPENWEBMAIL" name=GENERATOR>
</HEAD>
<BODY bgColor=#ffffff>
<font size="2">>
> ------- End of Original Message -------
<br />>
I have this rule in iptables, but had no effect
<br />>
DROP all -- 213.80.73.45
213.80.73.45
<br />>
I also have him in hosts.deny
<br />>
<br />>
I finally used the route to stop him
<br />>
/sbin/route add -host 213.80.73.45 reject
<br />>
suggested by both Ken Marcus and Larry Smith.
<br />>
That did stop him
<br /><b>------- End of Original Message
-------
<br />
<br /></b><font size="3">The reason your iptables firewall rule didn't work - I think you had it in wrong.
<br />
<br />From your output above - it appears you had it in dropping all packets <span style="text-decoration: underline;">FROM 213.80.73.45</span> that were going <span style="text-decoration: underline;">TO 213.80.73.45</span>. Since traffic doesn't go through your box to get TO that address - it didn't match anything and had no effect. You must have the rule set to drop packets <span style="text-decoration: underline;">FROM 213.80.73.45</span> and <span style="text-decoration: underline;">TO anything</span>. That way, nothing from that address will get into your box - no matter what IP it's addressed to.
<br />
<br />And as I mentioned, too many times I've blocked a single IP - to have hacking attempts start again from a neighboring IP. It's not unusual for multiple machines to be exploited in a company, or to have someone with access to multiple machines misuse them. So I always block the entire /24 network by default.
<br />
<br />The rule I suggested should have worked:
<br />
<br /></font></font><font face="Geneva, Arial, Helvetica"><font size="2"><font size="3">/sbin/iptables
-I acctin 1 -s 213.80.73.0/24 -j DROP
</font></font></font>
<br /><font size="2"><font size="3">
<br />That would insert a rule at the top of the inbound packet table (acctin) that drops all packets sourced from the network 213.80.74.0/24 (213.80.73.0->213.80.73.255).
<br />
<br />
<br />
<br />Chuck
<br />
<br />
<br />
<br /></font><b>
<br /></b>
</font>
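<p>Added example, not part of the original message: a simplified Python model of how a rule's source and destination fields are matched, showing why the listed rule let the traffic through while a source-only /24 rule drops it. It models only those two fields and first-match order; the local address 192.0.2.10 and the second listing line (in <code>iptables -L -n</code> layout) are constructed for illustration.</p>
<pre>
```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    target: str
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network


def parse_listing_line(line: str) -> Rule:
    """Parse one rule line laid out as: target prot opt source destination."""
    target, _prot, _opt, source, destination = line.split()[:5]
    return Rule(target,
                ipaddress.ip_network(source, strict=False),
                ipaddress.ip_network(destination, strict=False))


def verdict(chain, src: str, dst: str, policy: str = "ACCEPT") -> str:
    """The first rule whose source AND destination both match decides;
    if no rule matches, the chain policy applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in chain:
        if s in rule.source and d in rule.destination:
            return rule.target
    return policy


def never_matches_local(rule: Rule, local_ip: str) -> bool:
    """True when the rule's destination excludes this host, so traffic
    addressed to the host can never hit the rule."""
    return ipaddress.ip_address(local_ip) not in rule.destination


LOCAL_IP = "192.0.2.10"  # constructed: stands in for the protected box

# Rule as shown in the quoted listing: source and destination are the same host.
BROKEN = parse_listing_line("DROP all -- 213.80.73.45 213.80.73.45")
# Constructed listing line for the suggested rule: /24 source, any destination.
FIXED = parse_listing_line("DROP all -- 213.80.73.0/24 0.0.0.0/0")

if __name__ == "__main__":
    for name, rule in (("listed rule", BROKEN), ("suggested rule", FIXED)):
        print(name,
              "| offender:", verdict([rule], "213.80.73.45", LOCAL_IP),
              "| neighbor:", verdict([rule], "213.80.73.46", LOCAL_IP),
              "| dead for this host:", never_matches_local(rule, LOCAL_IP))
```
</pre>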
</BODY>
</HTML>