If all of the attempts were from the same IP, you can block traffic from an IP address with something like: iptables --append INPUT -p udb -s <IP_ADDR> -j DROP replacing <IP_ADDR> with the offending IP address. This idea might be overly simple for what you really should do for some firewalling--you might have to start learning iptables after all. What exactly do you mean by the IP range of 22 to 249 anyway--was this part of the IP address from where the scan originated? If the udp port in question is not to be used from outside your system in any case, a simple block of that port could look something like: iptables --append INPUT -p udp -i eth0 --destination-port <PORTNUM> -j DROP where <PORTNUM> is the number of the port you wish to block, and eth0 represents ethernet port 0 (change as your system requires). Depending on the requirements for your system, this might be too simple of an approach as well--you will have to decide. Also, that kind of scan seems to be highly unsophisticated, so it might have been run by a 'kiddie script'. Since the individual who ran it does not appear to be very experienced at scanning systems, contacting the systems administrator of the company where the scan came from might be in order--samples of your system logs could give the powers that be at that ISP/company a clue as to the individual or system which originated the scan, and they can then take appropriate action as needed. HTH, and have a great day. On Sat, Feb 10, 2007 at 10:09:00AM -0700, Littlefield, tyler wrote: > Hello list, > I just had someone bomb the hell out of my system on a udp port, moving from ip of 22 to 249. > My logwatch was huge. > Is there a way I can block things like this? > I'm not sure how to set up iptables, and don't really have a whole lot of time to go through a huge 300000 page tutorial. > Thanks, > Tyler Littlefield > Unlimited horizons head coder. > check out our website: > tysplace.homelinux.net > msn: compgeek134 at hotmail.com > aim: st8amnd2005 > skype: st8amnd127 -- Ralph. N6BNO. Wisdom comes from central processing, not from I/O. rreid at sunset.net http://personalweb.sunset.net/~rreid ...passing through The City of Internet at the speed of light... COSECANT (x) = COTAN (x) / TAN (x)
