Re: [cobalt-security] Same IP scan again and again and again
- Subject: Re: [cobalt-security] Same IP scan again and again and again
- From: "Andy Clyde, oxfordmusic.net" <cobalt-security@xxxxxxxxxxxxxxx>
- Date: Tue, 15 Jul 2003 17:39:06 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> >
> > I am sick to death of getting this:
> >
> > Active System Attack Alerts
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Jul 15 16:49:17 ns1 portsentry[1216]: attackalert: Connect from host: 63.215.251.101/63.215.251.101 to UDP port: 135
> > Jul 15 16:49:17 ns1 portsentry[1216]: attackalert: Host: 63.215.251.101 is already blocked. Ignoring
> >
> > OK so it's not actually getting through, but this same IP address
> > (level3 apparently) has been doing this every 15 minutes for hours
> > on end for weeks. I have told level3 about it countless times, but
> > they don't even acknowledge my emails. Any ideas as to what I can do?
> > What are they up to?
> >
> Block the port number completely
>
ipchains -A input -p tcp --dport 135 -j DENY
ipchains -A input -p udp --dport 135 -j DENY
should do the job if you're on a RaQ4.
andy
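
Added example, not part of the original thread: one way to measure the recurrence described above from portsentry's log and to derive port rules that match the logged protocol. The sample lines, the 192.0.2.x addresses and the names `summarize` and `port_rules` are constructed for illustration; the year is an assumption because syslog omits it.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample lines in the format of the alert quoted in the thread
# (192.0.2.x are documentation addresses, not taken from the thread).
SAMPLE_LOG = """\
Jul 15 16:19:17 ns1 portsentry[1216]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to UDP port: 135
Jul 15 16:19:17 ns1 portsentry[1216]: attackalert: Host: 192.0.2.10 is already blocked. Ignoring
Jul 15 16:34:17 ns1 portsentry[1216]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to UDP port: 135
Jul 15 16:49:17 ns1 portsentry[1216]: attackalert: Connect from host: 192.0.2.10/192.0.2.10 to UDP port: 135
Jul 15 16:50:02 ns1 portsentry[1216]: attackalert: Connect from host: 192.0.2.77/192.0.2.77 to TCP port: 111
"""

ALERT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ portsentry\[\d+\]: attackalert: "
    r"Connect from host: \S+/(?P<ip>\S+) to (?P<proto>TCP|UDP) port: (?P<port>\d+)"
)

def summarize(log_text, year=2003):
    """Group portsentry connect alerts by (source IP, protocol, port)."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = ALERT.match(line)
        if not m:
            continue  # skips the "already blocked" follow-up lines
        # syslog omits the year, so an assumed one is prepended for parsing
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[(m["ip"], m["proto"].lower(), int(m["port"]))].append(when)
    report = {}
    for key, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        report[key] = {"hits": len(times),
                       "median_gap_min": median(gaps) if gaps else None}
    return report

def port_rules(report, min_hits=3):
    """ipchains DENY rules for repeatedly probed ports, using the logged protocol."""
    ports = sorted({(proto, port) for (_, proto, port), r in report.items()
                    if r["hits"] >= min_hits})
    return [f"ipchains -A input -p {proto} --dport {port} -j DENY"
            for proto, port in ports]

if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG)
    print(rep)
    print("\n".join(port_rules(rep)))
```
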