I've had this same problem ever since I got my DSL hooked up back in september... Every day I get many port scans, IIS System32 commands sent to my webserver, Isapi overflows, and a whole slew of other stuff.... Most of these attacks come from other users from the same provider I use (directv DSL), some also come from elsewhere. I've tried contacting my provider, never got a response from them. So what I do to take care of this is read through the /etc/messages everyday before it is rotated, and add IP's of attacking systems to /etc/denylist, which is referenced in /etc/ipchains.input, and blocks any and all traffic from those IP's indefinitely, in the same manner as blocking those annoying tcp/53 floods. Currently working on getting a perl script to do this automatically, I'll update the list when I have it working for anyone interested.
_______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
