On Wed, Dec 18, 2002 at 08:09:15PM -0600, Shawn Mitchell wrote: > That's why I'm blocking those Winblows ports... I know what they are.. > but it's just the pure number of full network scans attempted.
well, that's what worms do. i can't say i'm surprised. > I'm not talking about their website IP Address... your correct in that > they have a modem for upstream, and that dish for downstream. i'm not talking about their website ip address either... > If a packet with a source address that is not one of my IP Addresses or on > RFC1918 tries to leave my internet interface... it's killed... I do that on > purpose as I don't want broadband users having their machines turned to > zombies, or their 12 year old kid finding a "cool" script. uh. how does this tie in with direcpc users? are direcpc users using your dial-up service for their upstream? > Their site say's Earthlink... but they say their an Ecorp company or > something... ecorp could be earthlink corporation... > What happens if they are using RFC1918 addresses? I've been seeing a LOT of > 10 dot traffic trying to exit... and also hit my DNS servers. they should be using direcpc's dial-up service, not yours. > If their using 10 dot addresses (which is stupid), I'm ok with allowing > it... IF I know all the places that it's suppose to goto. uh. how is it supposed to get delivered? most places drop packets destined for private networks. > It just pisses me off when you spend an hour on their tech support line, and > they say "We can't give you those addresses for security reasons" I'm just > like.. ok.. my network.. I see all the traffic anyway... After that, he > kept telling me that "No, we're not blocking anything" me: "No, I need to > know your IP Address's Blocks. They'll be something like a 1.2.3.4/20 or > something like that" him: "No, we're not blocking any ip addresses" if you see all the traffic, then do a lookup on arin.net to find the blocks allocated to them..? - jolan