
Re: Intrusion Attempts



or use tcpwrappers and block them altogether, or better yet,
use iptables and write a rule.

g'times
dan

On Tuesday 03 December 2002 21:05, Phillip Hofmeister wrote:
> On Tue, 03 Dec 2002 at 09:19:28PM -0500, Trawets53@aol.com wrote:
> > Hi. Can you help me. Who do I report the above to. I have 2 firewalls
> > running and tonight I was attacked from the same address 172 times in
> > less than an hour. These people want banning off the net. It is certainly
> > a violation of my privacy. A dozen times is an excuse but 172, I ask you.
> > Please come back.
>
> You can usually find the domain associated with the ip by doing a
> reverse lookup:
>
> dig -x ipaddress
>
> Make sure to take the results from your lookup above and look that up to
> make sure they match.
>
> IE:
>
> I do this first:
> dig -x 127.0.0.1
>
> and get:
> 1.0.0.127.in-addr.arpa. 604800  IN      PTR     localhost.
>
> then I:
>
> dig localhost
>
> and I get:
> localhost.              604800  IN      A       127.0.0.1
>
> They match, wonderful.  Now I go to www.localhost and see if they have
> an address to report logs of undesirables to.  If not I'll:
>
> dig localhost SOA
> and get:
>
> localhost.              604800  IN      SOA     localhost. root.localhost. 1 604800 86400 2419200 604800
>
> hmm...root.localhost, I bet you he can at least forward the email to the
> right person (since they are too lame to list that person on their
> web site).
>
> If all else fails do a whois lookup on the IP
>
> whois ipaddress
>
> and find one of the contacts listed there and bug them :)
>
>
> There is always an iptables blacklist you can set up and block the
> entire 24 (or 16, ouch) bit network if the admins do not take care of
> the undesirables.
>
> Regards,

-- 
Daniel J. Rychlik
Java/Perl Developer
http://daniel.rychlik.ws
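
The lookup sequence described in the quoted message, as an added example that is not part of the original thread: it checks that the PTR name resolves back to the same address and turns the SOA RNAME field into a mailbox. The function names are hypothetical, and the input is the `dig` answer lines from the message, pasted in as strings so it runs offline.

```python
import ipaddress

# dig answer lines copied from the message above
PTR = ["1.0.0.127.in-addr.arpa. 604800  IN      PTR     localhost."]
A = ["localhost.              604800  IN      A       127.0.0.1"]
SOA = "localhost. 604800 IN SOA localhost. root.localhost. 1 604800 86400 2419200 604800"

def parse_answer(line):
    """Split one dig answer line into (owner, type, rdata)."""
    owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
    return owner.lower(), rtype.upper(), rdata.strip()

def forward_confirmed(ip, ptr_lines, a_lines):
    """Hostnames the PTR gives for ip that also resolve back to ip."""
    addr = ipaddress.ip_address(ip)
    want = addr.reverse_pointer + "."          # e.g. 1.0.0.127.in-addr.arpa.
    hosts = set()
    for line in ptr_lines:
        owner, rtype, rdata = parse_answer(line)
        if rtype == "PTR" and owner == want:
            hosts.add(rdata.lower())
    confirmed = set()
    for line in a_lines:
        owner, rtype, rdata = parse_answer(line)
        if rtype in ("A", "AAAA") and owner in hosts \
                and ipaddress.ip_address(rdata) == addr:
            confirmed.add(owner)
    return sorted(confirmed)

def soa_contact(soa_line):
    """Mailbox encoded in the SOA RNAME: first unescaped dot becomes '@'."""
    _owner, rtype, rdata = parse_answer(soa_line)
    if rtype != "SOA":
        raise ValueError("not an SOA record")
    rname = rdata.split()[1].rstrip(".")
    i = 0
    while i < len(rname):
        if rname[i] == "\\":                  # "\." is a literal dot in the local part
            i += 2
            continue
        if rname[i] == ".":
            return rname[:i].replace("\\.", ".") + "@" + rname[i + 1:]
        i += 1
    raise ValueError("RNAME has no domain part")

if __name__ == "__main__":
    print(forward_confirmed("127.0.0.1", PTR, A))
    print(soa_contact(SOA))
```

An empty result from `forward_confirmed` means the PTR name is not backed by a matching forward record, in which case the whois contact for the IP is the one to use.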


