-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Blocking the ip would not be very useful, since most ips are dynamic these days. Greg On Sun, Feb 11, 2007 at 08:10:00AM -0800, Ralph W. Reid wrote: > If all of the attempts were from the same IP, you can block traffic > from an IP address with something like: > > iptables --append INPUT -p udb -s <IP_ADDR> -j DROP > > replacing <IP_ADDR> with the offending IP address. This idea might be > overly simple for what you really should do for some firewalling--you > might have to start learning iptables after all. What exactly do you > mean by the IP range of 22 to 249 anyway--was this part of the IP > address from where the scan originated? > > If the udp port in question is not to be used from outside your system > in any case, a simple block of that port could look something like: > > iptables --append INPUT -p udp -i eth0 --destination-port <PORTNUM> -j DROP > > where <PORTNUM> is the number of the port you wish to block, and eth0 > represents ethernet port 0 (change as your system requires). > Depending on the requirements for your system, this might be too > simple of an approach as well--you will have to decide. > > Also, that kind of scan seems to be highly unsophisticated, so it > might have been run by a 'kiddie script'. Since the individual who > ran it does not appear to be very experienced at scanning systems, > contacting the systems administrator of the company where the scan > came from might be in order--samples of your system logs could give > the powers that be at that ISP/company a clue as to the individual or > system which originated the scan, and they can then take appropriate > action as needed. > > HTH, and have a great day. > - -- web site: http://www.romuald.net.eu.org gpg public key: http://www.romuald.net.eu.org/pubkey.asc skype: gregn1 (authorization required, add me to your contacts list first) - -- Free domains: http://www.eu.org/ or mail dns-manager at EU.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFz1LA7s9z/XlyUyARAjlAAKDAwxb3HzHw/WxAXCkw1sb7b4LEEACghsFC Ln/fzlfhywzvH99sv8cWSj0= =cnbD -----END PGP SIGNATURE-----
