Re: Intrusion Attempts
or use tcpwrappers and block them all together, or better yet,
use Iptables and write a rule.
On Tuesday 03 December 2002 21:05, Phillip Hofmeister wrote:
> On Tue, 03 Dec 2002 at 09:19:28PM -0500, Trawets53@aol.com wrote:
> > Hi. Can you help me. Who do I report the above to. I have 2 firewalls
> > running and tonight I was attacked from the same address 172 times in
> > less than an hour. These people want banning off the net. It is certainly
> > a violation of my privacy. A dozen times is an excuse but 172, I ask you.
> > Please come back.
> You can usually find the domain associated with the ip by doing a
> reverse lookup:
> dig -x ipaddress
> Make sure to take the results from your lookup above and look that up to
> make sure they match.
> I do this first:
> dig -x 127.0.0.1
> and get:
> 126.96.36.199.in-addr.arpa. 604800 IN PTR localhost.
> then I:
> dig localhost
> and I get:
> localhost. 604800 IN A 127.0.0.1
> They match, wonderful. Now I go to www.localhost and see if they have
> an address to report logs of undesireables to. If not I'll:
> dig localhost SOA
> and get:
> localhost. 604800 IN SOA localhost.
> root.localhost. 1 604800 86400 2419200 604800
> hmm...root.localhost, I bet you he can at least forward the email to the
> right person (since they are too lame to list that person on their
> web site).
> If all else fails do a whois lookup on the IP
> whois ipaddress
> and find one of the contacts listed there and bug them :)
> There is always an iptables blacklist you can set up and block the
> entire 24 (or 16, ouch) bit network if the admins do not take care of
> the undesireables.
Daniel J. Rychlik