From: Gregory Nowak <greg@romuald.net.eu.org>
To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca>
Subject: Re: hacking attempts
Date: Sun, 11 Feb 2007 10:30:40 -0700
Message-ID: <20070211173040.GA5768@localhost.localdomain>
In-Reply-To: <20070211161000.GA31372@sunset.net>
Blocking the IP would not be very useful, since most IPs are dynamic
these days.
Greg
On Sun, Feb 11, 2007 at 08:10:00AM -0800, Ralph W. Reid wrote:
> If all of the attempts were from the same IP, you can block traffic
> from an IP address with something like:
>
> iptables --append INPUT -p udp -s <IP_ADDR> -j DROP
>
> replacing <IP_ADDR> with the offending IP address. This idea might be
> overly simple for what you really should do for some firewalling--you
> might have to start learning iptables after all. What exactly do you
> mean by the IP range of 22 to 249 anyway--was this part of the IP
> address from where the scan originated?
>
> If the udp port in question is not to be used from outside your system
> in any case, a simple block of that port could look something like:
>
> iptables --append INPUT -p udp -i eth0 --destination-port <PORTNUM> -j DROP
>
> where <PORTNUM> is the number of the port you wish to block, and eth0
> represents ethernet port 0 (change as your system requires).
> Depending on the requirements for your system, this might be too
> simple of an approach as well--you will have to decide.
>
> Also, that kind of scan seems to be highly unsophisticated, so it
> might have been run by a 'kiddie script'. Since the individual who
> ran it does not appear to be very experienced at scanning systems,
> contacting the systems administrator of the company where the scan
> came from might be in order--samples of your system logs could give
> the powers that be at that ISP/company a clue as to the individual or
> system which originated the scan, and they can then take appropriate
> action as needed.
>
> HTH, and have a great day.
>
- --
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)
- --
Free domains: http://www.eu.org/ or mail dns-manager@EU.org
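Added example, not written by either poster: the choice in this thread between a source-address rule and a destination-port rule depends on whether the probes came from one address or many. The script below tallies distinct sources per UDP destination port and prints the matching rule form from the quoted message. It assumes a netfilter LOG rule is already writing to the system log; the log lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; the log lines are constructed (documentation address ranges).
sample_log() {
cat <<'EOF'
Feb 11 07:58:01 host kernel: IN=eth0 OUT= SRC=203.0.113.22 DST=192.0.2.10 LEN=48 TTL=52 PROTO=UDP SPT=40112 DPT=1026 LEN=28
Feb 11 07:58:02 host kernel: IN=eth0 OUT= SRC=203.0.113.57 DST=192.0.2.10 LEN=48 TTL=52 PROTO=UDP SPT=40113 DPT=1026 LEN=28
Feb 11 07:58:03 host kernel: IN=eth0 OUT= SRC=203.0.113.249 DST=192.0.2.10 LEN=48 TTL=52 PROTO=UDP SPT=40114 DPT=1026 LEN=28
Feb 11 08:01:10 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TTL=49 PROTO=UDP SPT=5353 DPT=1434 LEN=28
Feb 11 08:01:11 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TTL=49 PROTO=UDP SPT=5353 DPT=1434 LEN=28
Feb 11 08:02:00 host kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51000 DPT=22 SYN
EOF
}

# Read log lines on stdin; print "dport packets distinct_sources last_source"
# for every UDP destination port seen, sorted by port number.
summarise_udp() {
    awk '
    /PROTO=UDP/ {
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src == "" || dpt == "") next      # skip truncated lines
        hits[dpt]++
        if (!((dpt, src) in seen)) { seen[dpt, src] = 1; nsrc[dpt]++ }
        last[dpt] = src
    }
    END { for (d in hits) print d, hits[d], nsrc[d], last[d] }' | sort -n
}

# One source for a port: the source-address rule still fits.
# Several sources: a per-address rule would miss the rest, so use the port rule.
# Prints rules only; nothing is applied to the firewall.
suggest_rule() {
    summarise_udp | while read -r dpt hits nsrc src; do
        if [ "$nsrc" -eq 1 ]; then
            echo "iptables --append INPUT -p udp -s $src -j DROP"
        else
            echo "iptables --append INPUT -p udp -i eth0 --destination-port $dpt -j DROP"
        fi
    done
}

sample_log | suggest_rule
```

On a real system, feed the kernel log to `suggest_rule` in place of `sample_log`, and change `eth0` as your system requires.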