zoran wrote: > Richard, > > Try to congigure your router, actually ban intruders IP in router., if > possible depends on manufacture. This wil save you a lot of time and it's > much more relaible. > > > Kind regards, > Zoran > <snip>
I feel this is probably impractical simply because the IP of the attacker never repeats so every attack would be from an IP that is not in the list. What I need is a DYNAMICly created list, which is what I thought the 'recent' feature of iptables was supposed to do. I still haven't given up hope that this worm (if that is what it is) is stoppable using this feature but it appears to come in from a different IP *and* a different PORT each attack, making it hard to trap until the attack actually starts. In fact, the port changes *during* the attack. So far, I have not seen anything I can get my teeth into but the router seems to be too low a level to detect/trap this beast. Richard -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
