Hello All, I am seeing lots of this kind of scanning flood attack from different IP within my network and even from outside. How can I stop and protect from this kind of attack? Any specific iptables rule-set or clue would be appreciated. ---------Log from clients Dlink Router--------------------- Thu Apr 28 10:39:07 2005 Unrecognized attempt blocked from 192.168.25.208:3113 to TCP port 1025 Thu Apr 28 10:39:09 2005 Unrecognized attempt blocked from 192.168.25.208:3113 to TCP port 1025 Thu Apr 28 10:39:52 2005 Unrecognized attempt blocked from 192.168.25.208:3345 to TCP port 6129 Thu Apr 28 10:39:56 2005 Unrecognized attempt blocked from 192.168.25.208:3345 to TCP port 6129 Thu Apr 28 10:40:01 2005 Unrecognized attempt blocked from 192.168.25.208:3345 to TCP port 6129 Thu Apr 28 10:40:12 2005 Unrecognized attempt blocked from 192.168.25.208:3450 to TCP port 80 Thu Apr 28 10:40:20 2005 Unrecognized attempt blocked from 192.168.25.208:3450 to TCP port 80 Thu Apr 28 10:40:32 2005 Unrecognized attempt blocked from 192.168.25.208:3568 to TCP port 443 Thu Apr 28 10:40:35 2005 Unrecognized attempt blocked from 192.168.25.208:3568 to TCP port 443 Thu Apr 28 10:40:44 2005 Unrecognized attempt blocked from 192.168.25.208:3568 to TCP port 443 ---------Log from clients Dlink Router--------------------- Regards, Rikunj
