"Sean E. Covel" wrote:

> Is this what they call FireWalking? This is my welcome to the new ATTBI
> network. Got more of these than Nimda or Code Red hits. Goes on for
> pages. 1888 today. Any thoughts?
>
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 194.205.125.26:32881 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 216.220.39.42:59118 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=236 (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 64.56.174.186:30087 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=238 (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 202.139.133.129:53767 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=235 (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 203.194.166.182:51122 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=231 (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 62.26.119.34:58275 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 194.213.64.150:21170 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=237 (#42)
> Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 203.208.128.70:12351 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#42)
>
> BTW, I just switched from ESB2 to Dachstein CD. Went SOOOOOOOO smooth!
> Nice to have MAJOR storage, and FAST boots. Charles, you are a GOD.
> The partial backup scheme was not too confusing. Only took 3 tries to
> get the partial and destination settings correct. I added PortSentry
> (on my floppy backup). I think once I'm happy with the setup, I'm going
> to do a full backup of everything onto diskette, then dump the CD to a
> hard drive. Overlay the HD with the diskette backups, and burn a new
> CD. The point is a completely custom setup that boots CD only! Nice
> job!

This is some crazy method of geographic load balancing. A whole lot of boxes use TCP port 53 simultaneously to find out what part of the world. That way they direct you to a local mirror. Some of the camera ads use this junk.

Since I also switched to Dachstein CD, I blocked it without logging using the SILENT_DENY function in /etc/network.conf. The number and IPs of the machines in this port 53 network change from time to time. This is the current list I have that seems to get me pretty regularly.

If you choose SILENT_DENY, uncomment the line and add the bad boys like tcp_ip.of.the.idiot_53 next box etc. Just cut and paste my list if you want.

    # grep "SILENT_DENY" /etc/network.conf
    SILENT_DENY="tcp_64.78.235.14_53 tcp_64.56.174.186_53 tcp_64.37.200.46_53 tcp_64.14.200.154_53 tcp_62.26.119.34_53 tcp_62.23.80.2_53 tcp_216.35.167.58_53 tcp_216.34.68.2_53 tcp_216.33.35.214_53 tcp_216.220.39.42_53 tcp_212.78.160.237_53 tcp_203.208.128.70 tcp_203.194.166.182_53 tcp_202.139.133.129_53 tcp_194.213.64.150_53 tcp_194.205.125.26_53"

Then do

    svi network reload

If it works for you, then backup etc.

--
Victor McAllister
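
One way to build the SILENT_DENY list from the firewall log rather than collecting addresses by hand, as an added example that is not part of the original thread. It assumes the ipchains "Packet log" layout shown in the quoted log and the proto_ip_port entry form used in the reply; the function names and the constructed sample lines are hypothetical.

```python
import re
from collections import Counter

# Field layout of an ipchains "Packet log" line, as in the log quoted above.
LOG_RE = re.compile(
    r"Packet log: \S+ (?P<action>\S+) \S+ PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):\d+ (?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
)
PROTO_NAMES = {6: "tcp", 17: "udp"}

# Sample input: the first two lines are from the thread; the remaining four
# are constructed (documentation address ranges) to exercise the filters.
SAMPLE_LOG = """\
Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 194.205.125.26:32881 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=242 (#42)
Dec 8 20:50:12 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 216.220.39.42:59118 12.243.228.133:53 L=44 S=0x00 I=0 F=0x0000 T=236 (#42)
Dec 8 20:50:13 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40001 203.0.113.5:53 L=44 S=0x00 I=0 F=0x0000 T=240 (#42)
Dec 8 20:50:14 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:40002 203.0.113.5:53 L=44 S=0x00 I=0 F=0x0000 T=240 (#42)
Dec 8 20:50:15 c1240165-a kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.7:1025 203.0.113.5:53 L=60 S=0x00 I=0 F=0x0000 T=50 (#42)
Dec 8 20:50:16 c1240165-a kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.8:1026 203.0.113.5:80 L=44 S=0x00 I=0 F=0x0000 T=50 (#42)
"""

def denied_sources(log_text, proto=6, dport=53):
    """Count DENY hits per source IP for one protocol and destination port."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m["action"] != "DENY":
            continue  # not a packet-log line, or not a denied packet
        if int(m["proto"]) == proto and int(m["dport"]) == dport:
            hits[m["src"]] += 1
    return hits

def silent_deny_line(hits, proto=6, dport=53, min_hits=1):
    """Build a SILENT_DENY= line in the proto_ip_port form from the reply."""
    name = PROTO_NAMES[proto]
    ips = sorted((ip for ip, n in hits.items() if n >= min_hits),
                 key=lambda ip: tuple(int(octet) for octet in ip.split(".")))
    return 'SILENT_DENY="' + " ".join(f"{name}_{ip}_{dport}" for ip in ips) + '"'

if __name__ == "__main__":
    hits = denied_sources(SAMPLE_LOG)
    for ip, n in hits.most_common():
        print(f"{n:5d}  {ip}")
    print(silent_deny_line(hits))
```

Raising min_hits keeps one-off sources out of the list, which matters because the set of machines changes over time and every entry becomes a packet filter rule.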
