Hi,

In the last few days I have had some arseholes beating on my Bering box, sending 1000's of UDP packets at one port and such like. It filled the logs, but that was it. Then I blacklisted the IPs.

A few questions about this.

------------------------------

The denied packets were logged in messages, syslog and a third log that I forget the name of, the Daemon log I think. It ran out of space at 2500 denied messages. How can I make it only log to one of these files to save space?

They beat on port 39967 (not *entirely* sure about that number), is that significant? Or was it just a failed DoS attack?

------------------------------

Something strange happened this morning. Last night a dozen IPs sent 360-odd packets to another port, round about 13300, but this morning the log was back down to 9 packets. This only *might* have been an attack; it could have something to do with me resuming my use of ICQ. Discounting PC crash and power cuts, could this be a sign of a successful attack? My PC is on at home right now and I'm a little worried.

There is NO remote access to the firewall with no sshd or telnetd running. I have a couple of non-standard ports forwarded to my local IP, but so far nobody has scanned all my ports, just 2, possibly 3 occurrences of people beating on the 'wall.

------------------------------

How can I keep my firewall up to date with the latest security fixes?

------------------------------

I'm going to install LaBrea when I get home, a good idea, yes? Will it work on 2.4 kernels?

------------------------------

Argh, now I'm sitting at work panicking....

Cheers,
Jim.

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
