IpConfig/Blacklist Registry Key
NAME
IpConfig/Blacklist
DEFAULT
None
DESCRIPTION
This Registry key can define an optional text file containing client IP
addresses that are to be blocked. JANOS ignores packets from these clients
at the lowest level. The JNIOR becomes invisible to them.
The file is to contain one IP address per line. Any text following the IP
address is ignored. This may contain comments or other information. JANOS
monitors this Registry entry and the file it references. Any changes are
detected and immediately taken into effect.
The
NETSTAT sniffer identifies blocked packets using an asterisk character '*'
at the far left of the packet detail. These packets are considered to be
Noise and are not displayed when the NETSTAT -N option is used with the
sniffer. The blocked IP addresses will also be displayed with crossed-out font
in XTERM terminals supporting color.
The NETSTAT -B option outputs the current blacklist (if any) sorted either by
IP address (-B or -B1), by block count (-B2) or by last encountered data (-B3).
The output from this NETSTAT command may be edited (piped to
EDIT) and
reinserted as a new blacklist. In this manner only recent and/or active client
IP addresses may blocked.
NOTES
A separate application can monitor the access.log or other files in order to
detect and append malicious IP addresses to an active blacklist. We have
experimented with this. Contact INTEG for more information.
The
IpConfig/Greylisting feature can also be employed to greatly reduce
unwanted and potentially malicious connection attempts.
SEE ALSO
HELP Topics:
IpConfig/Greylisting,
NETSTAT
[/flash/manpages/registry.hlp:1030]