Bryan Phinney wrote:
On Thursday 17 June 2004 08:31 am, Lanman wrote:
For instance, I'm constantly getting people trying (and failing)to connect to my network from China, and Amsterdam. A quick check at "arin.net" tells me where it's coming from and allows me to block their IP's in my firewall. Afterwards, they're just a distant memory.
A lot of the China and Amsterdam hack attempts are coming through open proxies. That doesn't mean that it isn't necessary to block the attempts but putting them permanently in a firewall will eventually ban what might become legitimate traffic once the clueless admin figures out how to secure their system.
However, Your Server, Your Rules.
Brian; Thanks for the info above. I typically put them into my firewall rules and keep an eye on the connection attempts for a few weeks. Once they stop, I usually review my rules and try taking them out. If I don't get anymore hits from those subnets, then I leave it as is. If I do, the rules go back in. For whatever reason, I get very little spam, but I do get people trying to connect to my servers, and only authorized users are allowed in, so when I see connection attempts, i block the entire ISP's subnet, since many of the attempts are probably from dynamic IP addresses.
I don't disagree with what you said about legitimate traffic, but at the same time, I'm not willing to wait for clueless admins to get their heads out of their a$$e$. hence the firewall rules.
Thanks anyways.
Lanman
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
