hacking attempts
Littlefield, tyler
compgeek13 at gmail.com
Sun Feb 11 11:32:28 EST 2007
it was spoofed.
Thanks,
Tyler Littlefield
Unlimited horizons head coder.
check out our website:
tysplace.homelinux.net
msn: compgeek134 at hotmail.com
aim: st8amnd2005
skype: st8amnd127
----- Original Message -----
From: Ralph W. Reid <rreid at sunset.net>
To: Speakup is a screen review system for Linux. <speakup at braille.uwo.ca>
Sent: Sunday, February 11, 2007 9:10 AM
Subject: Re: hacking attempts
> If all of the attempts were from the same IP, you can block traffic
> from an IP address with something like:
>
> iptables --append INPUT -p udb -s <IP_ADDR> -j DROP
>
> replacing <IP_ADDR> with the offending IP address. This idea might be
> overly simple for what you really should do for some firewalling--you
> might have to start learning iptables after all. What exactly do you
> mean by the IP range of 22 to 249 anyway--was this part of the IP
> address from where the scan originated?
>
> If the udp port in question is not to be used from outside your system
> in any case, a simple block of that port could look something like:
>
> iptables --append INPUT -p udp -i eth0 --destination-port <PORTNUM> -j
DROP
>
> where <PORTNUM> is the number of the port you wish to block, and eth0
> represents ethernet port 0 (change as your system requires).
> Depending on the requirements for your system, this might be too
> simple of an approach as well--you will have to decide.
>
> Also, that kind of scan seems to be highly unsophisticated, so it
> might have been run by a 'kiddie script'. Since the individual who
> ran it does not appear to be very experienced at scanning systems,
> contacting the systems administrator of the company where the scan
> came from might be in order--samples of your system logs could give
> the powers that be at that ISP/company a clue as to the individual or
> system which originated the scan, and they can then take appropriate
> action as needed.
>
> HTH, and have a great day.
>
> On Sat, Feb 10, 2007 at 10:09:00AM -0700, Littlefield, tyler wrote:
> > Hello list,
> > I just had someone bomb the hell out of my system on a udp port, moving
from ip of 22 to 249.
> > My logwatch was huge.
> > Is there a way I can block things like this?
> > I'm not sure how to set up iptables, and don't really have a whole lot
of time to go through a huge 300000 page tutorial.
> > Thanks,
> > Tyler Littlefield
> > Unlimited horizons head coder.
> > check out our website:
> > tysplace.homelinux.net
> > msn: compgeek134 at hotmail.com
> > aim: st8amnd2005
> > skype: st8amnd127
>
> --
> Ralph. N6BNO. Wisdom comes from central processing, not from I/O.
> rreid at sunset.net http://personalweb.sunset.net/~rreid
> ...passing through The City of Internet at the speed of light...
> COSECANT (x) = COTAN (x) / TAN (x)
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
More information about the Speakup
mailing list