From: "Littlefield, tyler"
To: "Speakup is a screen review system for Linux."
Subject: Re: hacking attempts
Date: Sun, 11 Feb 2007 09:32:28 -0700
Message-ID: <00aa01c74dfa$3d73a3e0$6401a8c0@development>
References: <007501c74d36$296e0f80$6401a8c0@development> <20070211161000.GA31372@sunset.net>

It was spoofed.
Thanks,
Tyler Littlefield
Unlimited horizons head coder.
check out our website:
tysplace.homelinux.net
msn: compgeek134@hotmail.com
aim: st8amnd2005
skype: st8amnd127
----- Original Message -----
From: Ralph W. Reid
To: Speakup is a screen review system for Linux.
Sent: Sunday, February 11, 2007 9:10 AM
Subject: Re: hacking attempts

> If all of the attempts were from the same IP, you can block traffic
> from an IP address with something like:
>
> iptables --append INPUT -p udp -s <IP> -j DROP
>
> replacing <IP> with the offending IP address. This idea might be
> overly simple for what you really should do for some firewalling--you
> might have to start learning iptables after all. What exactly do you
> mean by the IP range of 22 to 249 anyway--was this part of the IP
> address from where the scan originated?
>
> If the udp port in question is not to be used from outside your system
> in any case, a simple block of that port could look something like:
>
> iptables --append INPUT -p udp -i eth0 --destination-port <port> -j DROP
>
> where <port> is the number of the port you wish to block, and eth0
> represents ethernet port 0 (change as your system requires).
> Depending on the requirements for your system, this might be too
> simple of an approach as well--you will have to decide.
>
> Also, that kind of scan seems to be highly unsophisticated, so it
> might have been run by a 'kiddie script'. Since the individual who
> ran it does not appear to be very experienced at scanning systems,
> contacting the systems administrator of the company where the scan
> came from might be in order--samples of your system logs could give
> the powers that be at that ISP/company a clue as to the individual or
> system which originated the scan, and they can then take appropriate
> action as needed.
>
> HTH, and have a great day.
>
> On Sat, Feb 10, 2007 at 10:09:00AM -0700, Littlefield, tyler wrote:
> > Hello list,
> > I just had someone bomb the hell out of my system on a udp port, moving from ip of 22 to 249.
> > My logwatch was huge.
> > Is there a way I can block things like this?
> > I'm not sure how to set up iptables, and don't really have a whole lot of time to go through a huge 300000 page tutorial.
> > Thanks,
> > Tyler Littlefield
> > Unlimited horizons head coder.
> > check out our website:
> > tysplace.homelinux.net
> > msn: compgeek134@hotmail.com
> > aim: st8amnd2005
> > skype: st8amnd127
>
> --
> Ralph. N6BNO. Wisdom comes from central processing, not from I/O.
> rreid@sunset.net http://personalweb.sunset.net/~rreid
> ...passing through The City of Internet at the speed of light...
> COSECANT (x) = COTAN (x) / TAN (x)
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
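
The thread offers two rules, a per-source DROP when the traffic comes from one address and a per-port DROP otherwise, and the reply above reports that the sources were spoofed. The following is an added example, not part of the original messages, that picks between the two from logged packets. It assumes netfilter LOG-style kernel lines (SRC=, PROTO=, DPT= fields); the function names, threshold, addresses, port and sample log lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes netfilter LOG-style kernel lines
# (SRC=, PROTO=, DPT= fields); the addresses, port and log lines are constructed.

sample_log() {
cat <<'EOF'
Feb 10 10:08:58 host kernel: IN=eth0 OUT= SRC=192.0.2.22 DST=198.51.100.5 PROTO=UDP SPT=40001 DPT=5060
Feb 10 10:08:58 host kernel: IN=eth0 OUT= SRC=192.0.2.23 DST=198.51.100.5 PROTO=UDP SPT=40002 DPT=5060
Feb 10 10:08:59 host kernel: IN=eth0 OUT= SRC=192.0.2.24 DST=198.51.100.5 PROTO=UDP SPT=40003 DPT=5060
Feb 10 10:08:59 host kernel: IN=eth0 OUT= SRC=192.0.2.25 DST=198.51.100.5 PROTO=UDP SPT=40004 DPT=5060
Feb 10 10:08:59 host kernel: IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.5 PROTO=TCP SPT=51000 DPT=22
Feb 10 10:09:00 host kernel: IN=eth0 OUT= SRC=192.0.2 DST=198.51.100.5 PROTO=UDP SPT=40005 DPT=5060
EOF
}

# suggest_rule IFACE MAX_SOURCES: read log lines on stdin and print (never run)
# candidate rules. Few distinct sources -> one per-source DROP each; more than
# MAX_SOURCES (e.g. spoofed or rotating addresses) -> per-port DROP instead.
suggest_rule() {
  awk -v ifc="$1" -v max="$2" '
    /PROTO=UDP/ {
      src = ""; dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/) src = substr($i, 5)
        if ($i ~ /^DPT=/) dpt = substr($i, 5)
      }
      # Only well-formed values may reach a rule; skip truncated lines.
      if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || dpt !~ /^[0-9]+$/) next
      if (!(src in seen)) { seen[src] = 1; nsrc++ }
      ports[dpt]++
    }
    END {
      if (nsrc == 0) { print "# no UDP packets logged"; exit }
      if (nsrc <= max) {
        for (s in seen)
          printf "iptables --append INPUT -p udp -s %s -j DROP\n", s
      } else {
        # Only appropriate if the port is not meant to be reachable from outside.
        for (p in ports)
          printf "iptables --append INPUT -p udp -i %s --destination-port %s -j DROP\n", ifc, p
      }
    }' | sort
}

sample_log | suggest_rule eth0 3
```

The function only prints candidate rules for review; nothing is applied to the running firewall.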