I had the same issue. My policy drops unwanted traffic already, but it notifies me every time it does. This is what I want normally. However, there's SO much coming from Asia, I've added the following rules. This way, drops from addresses issued from APNIC never show up in my log.
DROP net:61.0.0.0/8 fw tcp - - DROP net:202.0.0.0/7 fw tcp - - DROP net:210.0.0.0/7 fw tcp - - DROP net:218.0.0.0/7 fw tcp - - DROP net:220.0.0.0/7 fw tcp - - DROP net:169.208.0.0/12 fw tcp - - ~Brandon On Tue, 2003-01-14 at 18:09, Mark Weaver wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wednesday 15 January 2003 12:29 am, Robin Turner scribbled incoherently: > > Richard Babcock wrote: > > > Interesting article in my local paper. > > > > > > > > > http://www.startribune.com/stories/535/3582809.html > > > > Looks like we got our user base! > > > > Sir Robin > > That would certainly explain all the crack attempts at my system over the last > few months. Hell! I don't even bother going to the whois query servers any > more I've become so familiar with the IP addy's that are showing up in my log > files. I just write the owner of the netblock and tell'em to put those dogs > on a shorter leash cause I don't like'em screwin around at the doors trying > to find a weakness somewhere. > - -- > Mark > - ----------------------------------------------------------- > Paid for by Penguins against modern appliances(R) > Linux User Since 1996 > Powered by Mandrake Linux 8.2 & 9.0 > ICQ# 27816299 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (GNU/Linux) > > iD8DBQE+JMLTJuZ1geTzHgERAqe6AKDug8UBepjJlDfeyJFwBwL0s9r/YwCfQY1o > jVf29ynKmxjJRf/7BLFvLuo= > =idd6 > -----END PGP SIGNATURE----- > > > ---- > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com
signature.asc
Description: This is a digitally signed message part