Index

Subject : Re: LUG: RoadRunner residential subnet mask IP filtering

From : Richard Carter <rwcarter@ncsu.[redacted]>

Date : Tue, 22 Dec 2009 23:46:53 -0500

Parent

A better idea might be to eliminate the need to do IP filtering? I presume you are filtering IP addresses to reduce the possibility of someone SSHing or brute forcing into your computer, correct? If this is the case, take a look at DenyHosts - http://denyhosts.sf.net/ . I installed it on my little dedicated server and it does effectively block SSH connections; after a few failed attempts at logging in as root, a machine is added to the iptables block list. Assuming there's no way someone can guess your password within a handful of tries, you would be secure.

If there is some other reason you're doing this, please share with me because I'd really like to know if I'm doing something wrong!


On Tue, Dec 22, 2009 at 11:00 PM, Kyle Bolton < kabolton@ncsu.[redacted] > wrote:
I think all this info should be in/on your modem. Can you get into it, like
a web interface? It'll tell you the ip and the subnet, and you can figure
out what you need from there.

that said, its completely dynamic, so expect it to possibly change subnets.

Kyle Bolton
CCNA-Cisco Certified Networking Associate
E115 Senior Instructor
ITECS EOS HelpDesk Consultant
North Carolina State University

-----Original Message-----
From: lug-owner@lists.ncsu.[redacted] [mailto: lug-owner@lists.ncsu.[redacted] ] On Behalf
Of Daniel Underwood
Sent: Tuesday, December 22, 2009 10:56 PM
To: LUG
Subject: LUG: RoadRunner residential subnet mask IP filtering

Hi Folks,

I regularly ssh into my office computer when working from home.  I've
set iptables to require an on-campus or NCSU VPN source IP address.
However, I'd like to restrict incoming ssh connections to a RoadRunner
residential subnet so I can avoid having to be routed through the VPN.

MY QUESTION: How, if at all, can I determine a RoadRunner residential
subnet mask encompassing my residence (and not all RR residential across
the nation, of course)?  Is this information available?  Anyone else
tried something like this before?

Thanks,
Daniel
--
Daniel Underwood
North Carolina State University
Graduate Student - Operations Research
email: daniel.underwood@ncsu.[redacted]
phone: XXX.302.3291
web: http://www4.ncsu.edu/~djunderw/



Replies :