> > > > I am sick to death of getting this: > > > > Active System Attack Alerts > > =-=-=-=-=-=-=-=-=-=-=-=-=-= > > Jul 15 16:49:17 ns1 portsentry[1216]: attackalert: Connect from host: > > 63.215.251.101/63.215.251.101 to UDP port: 135 Jul 15 > > 16:49:17 ns1 portsentry[1216]: attackalert: Host: > > 63.215.251.101 is already blocked. Ignoring > > > > OK so its not actually getting through, but this same IP > > address (level3 > > apparently) has been doing this every 15 minutes for hours on > > end for weeks. I have told level3 about it countless times, > > but they don't even acknowledge my emails. Any ideas as to > > what I can do? > > What are they up to? > > > Block the port number completely >
ipchains -A input -p tcp --dport 135 -j DENY should do the job if you're on a RaQ4. andy _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
