it was spoofed. Thanks, Tyler Littlefield Unlimited horizons head coder. check out our website: tysplace.homelinux.net msn: compgeek134 at hotmail.com aim: st8amnd2005 skype: st8amnd127 ----- Original Message ----- From: Ralph W. Reid <rreid@xxxxxxxxxx> To: Speakup is a screen review system for Linux. <speakup at braille.uwo.ca> Sent: Sunday, February 11, 2007 9:10 AM Subject: Re: hacking attempts > If all of the attempts were from the same IP, you can block traffic > from an IP address with something like: > > iptables --append INPUT -p udb -s <IP_ADDR> -j DROP > > replacing <IP_ADDR> with the offending IP address. This idea might be > overly simple for what you really should do for some firewalling--you > might have to start learning iptables after all. What exactly do you > mean by the IP range of 22 to 249 anyway--was this part of the IP > address from where the scan originated? > > If the udp port in question is not to be used from outside your system > in any case, a simple block of that port could look something like: > > iptables --append INPUT -p udp -i eth0 --destination-port <PORTNUM> -j DROP > > where <PORTNUM> is the number of the port you wish to block, and eth0 > represents ethernet port 0 (change as your system requires). > Depending on the requirements for your system, this might be too > simple of an approach as well--you will have to decide. > > Also, that kind of scan seems to be highly unsophisticated, so it > might have been run by a 'kiddie script'. Since the individual who > ran it does not appear to be very experienced at scanning systems, > contacting the systems administrator of the company where the scan > came from might be in order--samples of your system logs could give > the powers that be at that ISP/company a clue as to the individual or > system which originated the scan, and they can then take appropriate > action as needed. > > HTH, and have a great day. > > On Sat, Feb 10, 2007 at 10:09:00AM -0700, Littlefield, tyler wrote: > > Hello list, > > I just had someone bomb the hell out of my system on a udp port, moving from ip of 22 to 249. > > My logwatch was huge. > > Is there a way I can block things like this? > > I'm not sure how to set up iptables, and don't really have a whole lot of time to go through a huge 300000 page tutorial. > > Thanks, > > Tyler Littlefield > > Unlimited horizons head coder. > > check out our website: > > tysplace.homelinux.net > > msn: compgeek134 at hotmail.com > > aim: st8amnd2005 > > skype: st8amnd127 > > -- > Ralph. N6BNO. Wisdom comes from central processing, not from I/O. > rreid at sunset.net http://personalweb.sunset.net/~rreid > ...passing through The City of Internet at the speed of light... > COSECANT (x) = COTAN (x) / TAN (x) > > _______________________________________________ > Speakup mailing list > Speakup at braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup
