Our network is being hit by the following IP addresses in a very systematic
fashion - ie stepping through our bank of IP addresses and analysing
each of our ports.
Is anyone else receiving this attention and is there
anything specific we should be doing about it.
The following code has been cut from our IPCHAINS firewall - SuSE 6.4/2.2.14+
All advice will be gratefully received.
# REJECT/DENY access from rogue servers trying to hit us
${FW} -A inppp0 -s 203.63.239.1/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 203.108.26.242/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 207.102.98.241/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 206.186.135.15/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 192.219.249.199/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 192.219.249.154/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 207.35.181.69/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 216.28.117.152/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 216.28.230.244/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 202.9.142.162/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 202.31.233.57/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 209.115.44.3/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 206.183.224.8/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 206.183.224.7/32 -d 0.0.0.0/0 -j DENY -l
${FW} -A inppp0 -s 206.183.226.10/32 -d 0.0.0.0/0 -j DENY -l
Regards,
Bruce.
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
