From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from linserver.romuald.net.eu.org ([63.228.150.209])
	by speech.braille.uwo.ca with esmtp (Exim 3.36 #1 (Debian))
	id 1HGIXf-0006cl-00
	for ; Sun, 11 Feb 2007 12:31:11 -0500
Received: (qmail 5817 invoked by uid 1000); 11 Feb 2007 10:30:40 -0700
Date: Sun, 11 Feb 2007 10:30:40 -0700
From: Gregory Nowak
To: "Speakup is a screen review system for Linux."
Subject: Re: hacking attempts
Message-ID: <20070211173040.GA5768@localhost.localdomain>
References: <007501c74d36$296e0f80$6401a8c0@development> <20070211161000.GA31372@sunset.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; x-action=pgp-signed
Content-Disposition: inline
In-Reply-To: <20070211161000.GA31372@sunset.net>
X-PGP-Key: http://www.romuald.net.eu.org/pubkey.asc
User-Agent: Mutt/1.5.13 (2006-08-11)
X-BeenThere: speakup@braille.uwo.ca
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: "Speakup is a screen review system for Linux."
List-Id: "Speakup is a screen review system for Linux."
X-List-Received-Date: Sun, 11 Feb 2007 17:31:12 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Blocking the IP would not be very useful, since most IPs are dynamic
these days.

Greg

On Sun, Feb 11, 2007 at 08:10:00AM -0800, Ralph W. Reid wrote:
> If all of the attempts were from the same IP, you can block traffic
> from an IP address with something like:
>
> iptables --append INPUT -p udp -s <ip> -j DROP
>
> replacing <ip> with the offending IP address. This idea might be
> overly simple for what you really should do for some firewalling--you
> might have to start learning iptables after all. What exactly do you
> mean by the IP range of 22 to 249 anyway--was this part of the IP
> address from where the scan originated?
>
> If the UDP port in question is not to be used from outside your system
> in any case, a simple block of that port could look something like:
>
> iptables --append INPUT -p udp -i eth0 --destination-port <port> -j DROP
>
> where <port> is the number of the port you wish to block, and eth0
> represents ethernet port 0 (change as your system requires).
> Depending on the requirements for your system, this might be too
> simple of an approach as well--you will have to decide.
>
> Also, that kind of scan seems to be highly unsophisticated, so it
> might have been run by a 'kiddie script'. Since the individual who
> ran it does not appear to be very experienced at scanning systems,
> contacting the systems administrator of the company where the scan
> came from might be in order--samples of your system logs could give
> the powers that be at that ISP/company a clue as to the individual or
> system which originated the scan, and they can then take appropriate
> action as needed.
>
> HTH, and have a great day.
>

- --
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1 (authorization required, add me to your contacts list first)

- --
Free domains: http://www.eu.org/ or mail dns-manager@EU.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFz1LA7s9z/XlyUyARAjlAAKDAwxb3HzHw/WxAXCkw1sb7b4LEEACghsFC
Ln/fzlfhywzvH99sv8cWSj0=
=cnbD
-----END PGP SIGNATURE-----
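
The following is an added example, not code from either poster. It reads kernel log lines and prints (without applying) the per-address rule from the quoted message when every logged UDP probe came from one address, or the per-port rule when several addresses were involved, which is the case the reply raises. It assumes the probes were logged by an iptables LOG rule; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: kernel log lines as written by an iptables LOG rule.
sample_log() {
cat <<'EOF'
Feb 11 09:01:02 host kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=UDP SPT=40000 DPT=161
Feb 11 09:01:05 host kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 PROTO=UDP SPT=40311 DPT=161
Feb 11 09:01:09 host kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40002 DPT=22
Feb 11 09:02:00 host kernel: IN=eth0 OUT= SRC=203.0.113.4 DST=198.51.100.5 PROTO=UDP SPT=5000 DPT=69
EOF
}

# suggest_rules (hypothetical helper): read log lines on stdin, print rules.
# $1 = inbound interface, default eth0 as in the thread.
suggest_rules() {
    awk -v ifc="${1:-eth0}" '
    / PROTO=UDP / {
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        # Only well-formed values may end up in a rule.
        if (src !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        if (dpt !~ /^[0-9]+$/) next
        if (!(src in srcs)) { srcs[src] = 1; nsrc++; only = src }
        if (!(dpt in ports)) { ports[dpt] = 1; order[++nport] = dpt }
    }
    END {
        if (nsrc == 1) {
            # One source: the per-address rule (short-lived if the address is dynamic).
            printf "iptables --append INPUT -p udp -s %s -j DROP\n", only
        } else if (nsrc > 1) {
            # Several sources: block each probed port on the interface instead.
            for (i = 1; i <= nport; i++)
                printf "iptables --append INPUT -p udp -i %s --destination-port %s -j DROP\n", ifc, order[i]
        }
    }'
}

# Review the printed rules before applying them; a port that must stay
# reachable from outside should not be blocked this way.
sample_log | suggest_rules eth0
```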