On Fri 05 Oct at 02:48:02 -0500 [EMAIL PROTECTED] done said:
> [EMAIL PROTECTED] wrote:
> >
> > I've got a number of apparently MS nodes on the internet that were
> > victims of the recent worms that were going around. They keep hitting
> > my web server and are annoyingly filling up my logs.
> >
> > I was wondering if anyone knew of any way to refuse connections from
> > particular IPs. I'm running ipchains on a 2.4 series kernel. The
> > following is a line from my ipchains config file:
> >
> > ipchains -A input -p tcp -s 12.44.119.18 -d $OUTERNET 80 -j DENY
>
> Your ipchain rule is refusing connections on port 80. Are you asking how
> to not see it logging to one of your logs, and which log are you
> referring to? You do not have the "-l", so I would say you are not
> seeing refused connections in your syslog.
That's the thing. I thought it *would* be refusing connections to port
80, but it's not. I'm running snort along with logcheck so every hour,
it's just line after line of cmd.exe requests. Is there something I'm
missing, here?
Thanks,
-Charlie
--
GPG Key fingerprint = 4F36 EC4F 2F2C 5F59 9690 09E5 4C0F 9DB0 8623 53CE
"Cheshire-Puss," she began, "would you tell me, please, which way I
ought to go from here?"
"That depends a good deal on where you want to get to," said the Cat.
"I don't care much where--" said Alice.
"Then it doesn't matter which way you go," said the Cat.
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
