hacking attempts

Gregory Nowak greg at romuald.net.eu.org
Sun Feb 11 12:30:40 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Blocking the IP would not be very useful, since most IPs are dynamic
these days.

Greg


On Sun, Feb 11, 2007 at 08:10:00AM -0800, Ralph W. Reid wrote:
> If all of the attempts were from the same IP, you can block traffic
> from an IP address with something like:
> 
> iptables --append INPUT -p udp -s <IP_ADDR> -j DROP
> 
> replacing <IP_ADDR> with the offending IP address.  This idea might be
> overly simple for what you really should do for some firewalling--you
> might have to start learning iptables after all.  What exactly do you
> mean by the IP range of 22 to 249 anyway--was this part of the IP
> address from where the scan originated?
> 
> If the udp port in question is not to be used from outside your system
> in any case, a simple block of that port could look something like:
> 
> iptables --append INPUT -p udp -i eth0 --destination-port <PORTNUM> -j DROP
> 
> where <PORTNUM> is the number of the port you wish to block, and eth0
> represents ethernet port 0 (change as your system requires).
> Depending on the requirements for your system, this might be too
> simple of an approach as well--you will have to decide.
> 
> Also, that kind of scan seems to be highly unsophisticated, so it
> might have been run by a 'kiddie script'.  Since the individual who
> ran it does not appear to be very experienced at scanning systems,
> contacting the systems administrator of the company where the scan
> came from might be in order--samples of your system logs could give
> the powers that be at that ISP/company a clue as to the individual or
> system which originated the scan, and they can then take appropriate
> action as needed.
> 
> HTH, and have a great day.
> 

- -- 
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)

- --
Free domains: http://www.eu.org/ or mail dns-manager at EU.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFz1LA7s9z/XlyUyARAjlAAKDAwxb3HzHw/WxAXCkw1sb7b4LEEACghsFC
Ln/fzlfhywzvH99sv8cWSj0=
=cnbD
-----END PGP SIGNATURE-----
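
The two rules quoted above fit different situations: every attempt coming from one address, or a UDP port that should not be reachable from outside at all. As an added example (not part of either message), the script below counts distinct UDP sources per destination port and prints the rule that fits; the netfilter LOG-style sample lines, the addresses and the function names are constructed assumptions.

```shell
#!/bin/sh
# Constructed netfilter LOG-style lines (documentation addresses, not real traffic).
sample_log() {
cat <<'EOF'
Feb 11 07:58:01 host kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=4321 DPT=1434 LEN=12
Feb 11 07:58:02 host kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=4322 DPT=1434 LEN=12
Feb 11 07:58:03 host kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=4400 DPT=22 SYN
Feb 11 08:01:10 host kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 PROTO=UDP SPT=5000 DPT=5060 LEN=20
Feb 11 08:01:11 host kernel: IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.5 PROTO=UDP SPT=5001 DPT=5060 LEN=20
EOF
}

# count_sources PORT: read log lines on stdin and print "hits address" for each
# IPv4 source that sent UDP to PORT, busiest first.
count_sources() {
    awk -v port="$1" '
        /PROTO=UDP/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            # Only digits and dots reach the output, so log text cannot smuggle
            # shell metacharacters into a suggested rule.
            if (dpt == port && src ~ /^[0-9.]+$/) hits[src]++
        }
        END { for (s in hits) print hits[s], s }
    ' | sort -k1,1nr -k2,2
}

# suggest_rule PORT [IFACE]: print the rule that matches what the log shows.
suggest_rule() {
    port=$1
    iface=${2:-eth0}
    sources=$(count_sources "$port")
    if [ -z "$sources" ]; then
        echo "no UDP traffic to port $port in this log"
        return 1
    fi
    if [ "$(printf '%s\n' "$sources" | wc -l | tr -d ' ')" -eq 1 ]; then
        # One source only: a source-address rule is enough.
        echo "iptables --append INPUT -p udp -s ${sources#* } -j DROP"
    else
        # Several sources: block the port itself on the outside interface.
        echo "iptables --append INPUT -p udp -i $iface --destination-port $port -j DROP"
    fi
}

sample_log | suggest_rule 1434
```

A source-address rule only holds while the sender keeps that address; the port rule does not depend on it.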
