From: "Littlefield, tyler" <compgeek13@gmail.com>
To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca>
Subject: Re: hacking attempts
Date: Sun, 11 Feb 2007 09:32:28 -0700 [thread overview]
Message-ID: <00aa01c74dfa$3d73a3e0$6401a8c0@development> (raw)
In-Reply-To: <20070211161000.GA31372@sunset.net>
it was spoofed.
Thanks,
Tyler Littlefield
Unlimited horizons head coder.
check out our website:
tysplace.homelinux.net
msn: compgeek134@hotmail.com
aim: st8amnd2005
skype: st8amnd127
----- Original Message -----
From: Ralph W. Reid <rreid@sunset.net>
To: Speakup is a screen review system for Linux. <speakup@braille.uwo.ca>
Sent: Sunday, February 11, 2007 9:10 AM
Subject: Re: hacking attempts
> If all of the attempts were from the same IP, you can block traffic
> from an IP address with something like:
>
> iptables --append INPUT -p udb -s <IP_ADDR> -j DROP
>
> replacing <IP_ADDR> with the offending IP address. This idea might be
> overly simple for what you really should do for some firewalling--you
> might have to start learning iptables after all. What exactly do you
> mean by the IP range of 22 to 249 anyway--was this part of the IP
> address from where the scan originated?
>
> If the udp port in question is not to be used from outside your system
> in any case, a simple block of that port could look something like:
>
> iptables --append INPUT -p udp -i eth0 --destination-port <PORTNUM> -j
DROP
>
> where <PORTNUM> is the number of the port you wish to block, and eth0
> represents ethernet port 0 (change as your system requires).
> Depending on the requirements for your system, this might be too
> simple of an approach as well--you will have to decide.
>
> Also, that kind of scan seems to be highly unsophisticated, so it
> might have been run by a 'kiddie script'. Since the individual who
> ran it does not appear to be very experienced at scanning systems,
> contacting the systems administrator of the company where the scan
> came from might be in order--samples of your system logs could give
> the powers that be at that ISP/company a clue as to the individual or
> system which originated the scan, and they can then take appropriate
> action as needed.
>
> HTH, and have a great day.
>
> On Sat, Feb 10, 2007 at 10:09:00AM -0700, Littlefield, tyler wrote:
> > Hello list,
> > I just had someone bomb the hell out of my system on a udp port, moving
from ip of 22 to 249.
> > My logwatch was huge.
> > Is there a way I can block things like this?
> > I'm not sure how to set up iptables, and don't really have a whole lot
of time to go through a huge 300000 page tutorial.
> > Thanks,
> > Tyler Littlefield
> > Unlimited horizons head coder.
> > check out our website:
> > tysplace.homelinux.net
> > msn: compgeek134@hotmail.com
> > aim: st8amnd2005
> > skype: st8amnd127
>
> --
> Ralph. N6BNO. Wisdom comes from central processing, not from I/O.
> rreid@sunset.net http://personalweb.sunset.net/~rreid
> ...passing through The City of Internet at the speed of light...
> COSECANT (x) = COTAN (x) / TAN (x)
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
next prev parent reply other threads:[~ UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
Littlefield, tyler
` Lorenzo Taylor
` Littlefield, tyler
` Littlefield, tyler
` Doug Sutherland
` Ralph W. Reid
` Littlefield, tyler [this message]
` Ralph W. Reid
` Gregory Nowak
Jude DaShiell
` Doug Sutherland
` Janina Sajka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='00aa01c74dfa$3d73a3e0$6401a8c0@development' \
--to=compgeek13@gmail.com \
--cc=speakup@braille.uwo.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).