hacking attempts

Ralph W. Reid rreid at sunset.net
Sun Feb 11 11:10:00 EST 2007


If all of the attempts were from the same IP, you can block traffic
from an IP address with something like:

iptables --append INPUT -p udp -s <IP_ADDR> -j DROP

replacing <IP_ADDR> with the offending IP address.  This idea might be
overly simple for what you really should do for some firewalling--you
might have to start learning iptables after all.  What exactly do you
mean by the IP range of 22 to 249 anyway--was this part of the IP
address from where the scan originated?

If the udp port in question is not to be used from outside your system
in any case, a simple block of that port could look something like:

iptables --append INPUT -p udp -i eth0 --destination-port <PORTNUM> -j DROP

where <PORTNUM> is the number of the port you wish to block, and eth0
represents ethernet port 0 (change as your system requires).
Depending on the requirements for your system, this might be too
simple of an approach as well--you will have to decide.

Also, that kind of scan seems to be highly unsophisticated, so it
might have been run by a 'kiddie script'.  Since the individual who
ran it does not appear to be very experienced at scanning systems,
contacting the systems administrator of the company where the scan
came from might be in order--samples of your system logs could give
the powers that be at that ISP/company a clue as to the individual or
system which originated the scan, and they can then take appropriate
action as needed.

HTH, and have a great day.

On Sat, Feb 10, 2007 at 10:09:00AM -0700, Littlefield, tyler wrote:
> Hello list,
> I just had someone bomb the hell out of my system on a udp port, moving from ip of 22 to 249.
> My logwatch was huge.
> Is there a way I can block things like this?
> I'm not sure how to set up iptables, and don't really have a whole lot of time to go through a huge 300000 page tutorial.
> Thanks,
> Tyler Littlefield
> Unlimited horizons head coder.
> check out our website:
> tysplace.homelinux.net
> msn: compgeek134 at hotmail.com
> aim: st8amnd2005
> skype: st8amnd127

-- 
Ralph.  N6BNO.  Wisdom comes from central processing, not from I/O.
rreid at sunset.net  http://personalweb.sunset.net/~rreid
...passing through The City of Internet at the speed of light...
COSECANT (x) = COTAN (x) / TAN (x)
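
The script below is an added example, not part of the original message. It chooses between the two rule forms in the reply: a per-source DROP when only a few addresses hit a UDP port, and the port-wide DROP on eth0 when many do. The log lines are constructed and simplified from the kernel's netfilter LOG format; the function names and the threshold are assumptions. The rules are only printed, so they can be reviewed before anyone runs them.

```shell
#!/bin/sh
# Constructed, simplified sample lines in netfilter LOG format (not real traffic).
sample_log() {
cat <<'EOF'
Feb 10 10:01:02 host kernel: IN=eth0 OUT= SRC=192.0.2.22 DST=198.51.100.5 PROTO=UDP SPT=40000 DPT=5060 LEN=28
Feb 10 10:01:02 host kernel: IN=eth0 OUT= SRC=192.0.2.23 DST=198.51.100.5 PROTO=UDP SPT=40001 DPT=5060 LEN=28
Feb 10 10:01:03 host kernel: IN=eth0 OUT= SRC=192.0.2.24 DST=198.51.100.5 PROTO=UDP SPT=40002 DPT=5060 LEN=28
Feb 10 10:01:04 host kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 PROTO=UDP SPT=53000 DPT=161 LEN=28
Feb 10 10:01:05 host kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 PROTO=UDP SPT=53001 DPT=161 LEN=28
Feb 10 10:01:06 host kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=TCP SPT=53001 DPT=22 LEN=40
Feb 10 10:01:07 host kernel: IN=eth0 OUT= SRC=not-an-ip DST=198.51.100.5 PROTO=UDP SPT=1 DPT=161 LEN=28
EOF
}

# suggest_rules MAXSRC: read log lines on stdin and print iptables commands.
# A UDP port hit by more than MAXSRC distinct sources gets the port-wide rule;
# otherwise each source seen on that port gets its own per-source rule.
suggest_rules() {
    awk -v max="$1" '
    /PROTO=UDP/ {
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        # Only well-formed values may reach a generated command line.
        if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || dpt !~ /^[0-9]+$/) next
        if (!((dpt, src) in seen)) { seen[dpt, src] = 1; nsrc[dpt]++ }
    }
    END {
        for (k in seen) {
            split(k, p, SUBSEP)
            if (nsrc[p[1]] <= max)
                printf "iptables --append INPUT -p udp -s %s -j DROP\n", p[2]
        }
        for (d in nsrc)
            if (nsrc[d] > max)
                printf "iptables --append INPUT -p udp -i eth0 --destination-port %s -j DROP\n", d
    }' | LC_ALL=C sort -u
}

# Demonstration on the constructed sample with a threshold of 2 sources.
sample_log | suggest_rules 2
```

On a real system, feed it the file where your firewall LOG rule writes, and change eth0 as your system requires.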



