Filtering IDS Packets
Subject:   ip still in weblog after filtering
Date:   2005-09-03 01:49:31
From:   nbox
using a filtering system built in to my hosting account which offers allow or deny to these operations HTTP FTP POP SMTP Other .
i denied all of these operations from an ip of

others include: - to name a few

but after denying and the others
i still see this ip showing in my weblogs coming from various domains. the lastest being
and other spawn pages off the same domain
yesterday it was same ip but different domain name
i used a trace route program to get some of the other ip's. but if i continue i am afraid i might block some desirable traffic to my website
like a hop ip or something.
any help ??

also that cleaned up filter talk about
-nXvs 0 tcp and host
was interesting. i was thinking of sticking that in my .htaccess file but then realized i would not be able to read the information it gave i am on a linux system

Main Topics Oldest First

Showing messages 1 through 1 of 1.

  • ip still in weblog after filtering
    2005-09-03 06:16:28  don_parker [View]

    Hi there,

    I think you may be confusing BPF filters with IP Tab les syntax. Per your post here it sounds as if you are trying to use BPF filters to deny or allow traffic to your webserver. This will not work as BPF filters are for packet collection, and not for filtering IP's as it pertains to website access. Does this clarify?