Tony - an excellent point; I'm not blacklisting yet, but you can be sure that this will be my "trial by fire." And thanks to Julian, for his web link and good detective work.
Things have calmed down some - probably because they're getting zero response form the DROPped packets. That's obviously the advantage over REJECT. Thanks again. Regards, joe. ----- Original Message ----- From: Tony <[EMAIL PROTECTED]> Date: Tue, 07 Oct 2003 07:31:46 -0400 To: Subject: Re: [leaf-user] Firewall Getting Hammered. > Joe, > > Are you implementing a blacklist with Shorewall? Just add the offending > SRC addys to your list and refresh. If they're spamming you with > Messenger spam, why would you want them connecting to any legitimate > services you have running? > > I figure if they're lowlifes to begin with, they can do without knowing > our servers exist. > > Good Luck > > Tony > > > > Julian Church wrote: > > > Hi Joe > > > > On Mon, 06 Oct 2003 20:23:58 -0500, j d <[EMAIL PROTECTED]> wrote: > > > >> Anyway, in the last two days I've had a lot of hits on my external > >> eth0 from these two sources (x.x.x.x is my eth0 address leased from > >> the upstream DNS server via pump): > >> > >> Oct 5 07:43:33 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= > >> MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=61.143.182.138 > >> DST=x.x.x.x LEN=550 TOS=00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP > >> SPT=30110 DPT=1026 LEN=530 > >> > >> and > >> > >> Oct 5 08:02:58 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= > >> MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=210.5.22.10 > >> DST=x.x.x.x LEN=367 TOS=00 PREC=0x00 TTL=242 ID=620 PROTO=UDP > >> SPT=32775 DPT=1026 LEN=347 > > > > > > A few informative links here: > > > > http://www.google.com/search?q=UDP+1026 > > > > Looks like M$ Messenger Service spam. > > > > cheers > > > > Julian > > > > > > > > > ------------------------------------------------------- > This sf.net email is sponsored by:ThinkGeek > Welcome to geek heaven. > http://thinkgeek.com/sf > ------------------------------------------------------------------------ > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html -- __________________________________________________________ Sign-up for your own personalized E-mail at Mail.com http://www.mail.com/?sr=signup CareerBuilder.com has over 400,000 jobs. Be smarter about your job search http://corp.mail.com/careers ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
