I have a personal firewall set up on my Winbloze box. As soon as I made it active I noticed I was being scanned constantly from a machine with the same DNS. After four hours, I used ARIN to find the DNS and Netblock owners and sent appropriate messages. I haven't been bothered overmuch since.

The next day I checked my system for open ports at www.grc.com to verify I was running in a secure "stealth" mode. The good news is that this free firewall fouls scanner attempts and allows me to secure the most common open ports. The bad news is that ports in the much higher numbers remain open, which is the reason I am building a box specifically for a Linux firewall.

I previously contacted the folks at ALTER net and sent logs. They were most helpful as they don't like hackers and spammers either.

Pj

bill wrote:
>
> On Wed, 29 Nov 2000, gene wrote:
>
> > There is an ip number that started showing up in my postfix logs
> > as trying to access my smtp server (and access was apparently
> > denied each time). I assumed that someone was trying to use
> > my machine as a relay. To make sure that they can't get through,
> > I blocked the ip address using ipchains. In one day, I now
> > see over 600 failed attempts to access my computer. Should I
> > just ignore this now that ipchains is blocking them, or is this
> > something that should worry me?
> >
> > More details:
> > ipchains message (my ip # x-ed out to protect the innocent):
> > Nov 28 23:59:07 duck kernel: Packet log: input DENY eth1 PROTO=1
> > 63.98.105.3:8 208.xxx.xxx.xx1:0 L=60 S=0x00 I=6793 F=0x0000 T=114 (#1)
> >
> > nslookup for 63.98.105.3 gives nothing.
> > traceroute ends at readersdigest-gw.customer.alter.net (157.130.210.42)
> >
>
> You may want to ask Civileme at mandrakeuser forum if you don't get a
> response from this list concerning how to get in touch with the culprit's
> ISP. He is quite knowledgeable about those kinds of issues, among other
> things.
> The Red Hat List used to have all kinds of hacked notices and
> several of their authorities were very helpful as well.
>
> Perhaps the Mandrake Folks could have a place to input problems like
> some of us have. I know there is a Mandrake Security Group or List out
> there but I think it mostly deals with things like that wuftpd flaw.
> Why they still use it as a default ftp server on their CD's I am
> somewhat puzzled !?
>
> Wish I actually had a concrete answer
>
> William Bouterse
> Talkeetna
>
> ---------------------------------------------------------------
> Keep in touch with http://mandrakeforum.com:
> Subscribe the "[EMAIL PROTECTED]" mailing list.
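An added example, not part of the original messages: a small Python parser for the ipchains "Packet log:" line format quoted in the thread, which tallies denied packets per source and decodes the fields. For PROTO=1 (ICMP) the two "port" slots carry the ICMP type and code, so the quoted line decodes as an echo request. The TCP/UDP handling goes beyond the one line in the post, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# ipchains log field order: chain, action, interface, PROTO,
# src ip:port, dst ip:port, L (length), S (TOS), I (IP id), F (frag), T (TTL), (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\w.]+):(?P<sport>\d+) "
    r"(?P<dst>[\w.]+):(?P<dport>\d+) L=(?P<length>\d+) S=\S+ I=\d+ "
    r"F=\S+ T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable",
              8: "echo-request", 11: "time-exceeded"}

def parse(line):
    """Return a dict of decoded fields, or None if this is not a packet-log line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    proto = int(rec["proto"])
    rec["proto"] = PROTOS.get(proto, str(proto))
    if proto == 1:
        # For ICMP the "source port" is the type and the "destination port" the code.
        icmp_type = int(rec["sport"])
        name = ICMP_TYPES.get(icmp_type, "type %d" % icmp_type)
        rec["detail"] = "%s code %s" % (name, rec["dport"])
    else:
        rec["detail"] = "dst port %s" % rec["dport"]
    return rec

def summarize(lines):
    """Count DENY/REJECT entries per (source, protocol, detail), most frequent first."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec["action"] in ("DENY", "REJECT"):
            counts[(rec["src"], rec["proto"], rec["detail"])] += 1
    return counts.most_common()

SAMPLE = [
    # Line from the post (wrapped there; syslog writes it as one line).
    "Nov 28 23:59:07 duck kernel: Packet log: input DENY eth1 PROTO=1 63.98.105.3:8 208.xxx.xxx.xx1:0 L=60 S=0x00 I=6793 F=0x0000 T=114 (#1)",
    # Constructed lines below, using documentation address 192.0.2.77.
    "Nov 28 23:59:09 duck kernel: Packet log: input DENY eth1 PROTO=1 63.98.105.3:8 208.xxx.xxx.xx1:0 L=60 S=0x00 I=6801 F=0x0000 T=114 (#1)",
    "Nov 29 00:02:41 duck kernel: Packet log: input DENY eth1 PROTO=6 192.0.2.77:3312 208.xxx.xxx.xx1:25 L=48 S=0x00 I=411 F=0x4000 T=52 (#2)",
    "Nov 29 00:03:00 duck postfix/smtpd[812]: connect from unknown[192.0.2.77]",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE):
        print(n, *key)
```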
