Are you implementing a blacklist with Shorewall? Just add the offending SRC addys to your list and refresh. If they're spamming you with Messenger spam, why would you want them connecting to any legitimate services you have running?
I figure if they're lowlifes to begin with, they can do without knowing our servers exist.
Good Luck
Tony
Julian Church wrote:
Hi Joe
On Mon, 06 Oct 2003 20:23:58 -0500, j d <[EMAIL PROTECTED]> wrote:
Anyway, in the last two days I've had a lot of hits on my external eth0 from these two sources (x.x.x.x is my eth0 address leased from the upstream DNS server via pump):
Oct 5 07:43:33 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=61.143.182.138 DST=x.x.x.x LEN=550 TOS=00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=30110 DPT=1026 LEN=530
and
Oct 5 08:02:58 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=210.5.22.10 DST=x.x.x.x LEN=367 TOS=00 PREC=0x00 TTL=242 ID=620 PROTO=UDP SPT=32775 DPT=1026 LEN=347
A few informative links here:
http://www.google.com/search?q=UDP+1026
Looks like M$ Messenger Service spam.
cheers
Julian
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
