
[cobalt-users] ipchains question



not strictly a cobalt-specific question but i'm not sure where best to ask
this (if there's a good ipchains mailing list, let me know!)

just getting to grips with ipchains. i have a server scanning me every 8
seconds:
[from the log file]
Nov 27 04:57:09 ns portsentry[1302]: attackalert: UDP scan from host: xx.xx.xx.xx/xx.xx.xx.xx to UDP port: 68
Nov 27 04:57:09 ns portsentry[1302]: attackalert: Host: xx.xx.xx.xx/xx.xx.xx.xx is already blocked Ignoring

they're hosted by the same ISP as me and i've tried mailing them directly,
contacting the ISP but i can't make them stop.
after fiddling about with logcheck, i reckoned i'd be better off just
blocking the packets with ipchains so they don't clutter up my machine.

i've tried to block them with the following command:
ipchains -A input -p UDP -i eth0 -s xx.xx.xx.xx bootpc -j DENY
which looks like this when i do ipchains -L

target     prot opt     source                destination           ports
DENY       udp  ------  xx.xx.xx.xx           anywhere              bootpc -> any

(bootpc is the service that runs on port 68)
it seemed to work at first but has now stopped working and my log files are
full again.

what have i done wrong??

cheers

andy
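
Added example, not part of the original post: a small Python model of how ipchains reads the optional port after -s and -d, run against the posted rule and log line. The address 192.0.2.10, the source port 67, the variant rule using "-d 0.0.0.0/0 bootpc" and all helper names are assumptions made for illustration.

```python
import re
import shlex

# Constructed input: the posted rule and log line, redacted address -> 192.0.2.10.
POSTED = "ipchains -A input -p UDP -i eth0 -s 192.0.2.10 bootpc -j DENY"
# Hypothetical variant: same rule, port match moved to the destination side.
BY_DPORT = "ipchains -A input -p UDP -i eth0 -s 192.0.2.10 -d 0.0.0.0/0 bootpc -j DENY"
LOG = ("Nov 27 04:57:09 ns portsentry[1302]: attackalert: UDP scan from host: "
       "192.0.2.10/192.0.2.10 to UDP port: 68")
SERVICES = {"bootps": 67, "bootpc": 68}  # /etc/services names used here


def parse_rule(cmd):
    """Pull protocol, addresses and optional ports out of an ipchains -A rule."""
    tok, rule, i = shlex.split(cmd), {}, 0
    while i < len(tok):
        if tok[i] == "-p":
            rule["proto"] = tok[i + 1].lower()
        elif tok[i] in ("-s", "-d"):
            side = "src" if tok[i] == "-s" else "dst"
            rule[side] = tok[i + 1]
            # An optional port (name or number) may follow the address.
            if i + 2 < len(tok) and not tok[i + 2].startswith("-"):
                name = tok[i + 2]
                rule[side + "_port"] = SERVICES[name] if name in SERVICES else int(name)
        i += 1
    return rule


def parse_alert(line):
    """Return (source host, destination port) from a portsentry attackalert line."""
    m = re.search(r"(TCP|UDP) scan from host: ([^/\s]+)/\S+ to \1 port: (\d+)", line)
    return (m.group(2), int(m.group(3))) if m else None


def matches(rule, pkt):
    """True if every field the rule specifies equals the packet's field."""
    for key, want in rule.items():
        if key in ("src", "dst") and want == "0.0.0.0/0":
            continue  # wildcard address matches anything
        if pkt.get(key) != want:
            return False
    return True


host, dport = parse_alert(LOG)
# Assumption: the sender uses source port 67 (bootps); the log does not record it.
packet = {"proto": "udp", "src": host, "src_port": 67, "dst_port": dport}
print(matches(parse_rule(POSTED), packet), matches(parse_rule(BY_DPORT), packet))
```

The posted rule carries the port on the source side, which agrees with the "bootpc -> any" shown by ipchains -L, while portsentry reports the destination port.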