From owner-freebsd-net  Tue Mar 21  4: 2:19 2000
Delivered-To: freebsd-net@freebsd.org
Received: from mail.surf1.de (mail.Surf1.de [194.25.165.21])
	by hub.freebsd.org (Postfix) with ESMTP id 7715737B889
	for <freebsd-net@FreeBSD.ORG>; Tue, 21 Mar 2000 04:02:11 -0800 (PST)
	(envelope-from alex@cichlids.com)
Received: from cichlids.com (pC19F546B.dip0.t-ipconnect.de [193.159.84.107])
	by mail.surf1.de (8.9.3/8.9.3) with ESMTP id MAA08770;
	Tue, 21 Mar 2000 12:02:30 +0100
Received: from cichlids.cichlids.com (cichlids.cichlids.com [192.168.0.10])
	by cichlids.com (Postfix) with ESMTP
	id 58665AC2C; Tue, 21 Mar 2000 13:03:21 +0100 (CET)
Received: (from alex@localhost)
	by cichlids.cichlids.com (8.9.3/8.9.3) id NAA06604;
	Tue, 21 Mar 2000 13:02:03 +0100 (CET)
	(envelope-from alex)
Date: Tue, 21 Mar 2000 13:02:03 +0100
From: Alexander Langer <alex@big.endian.de>
To: Paul Robinson <wigstah@akitanet.co.uk>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: ipfw fwd to requester's ip
Message-ID: <20000321130203.C2166@cichlids.cichlids.com>
References: <20000320183644.J2721@cichlids.cichlids.com> <Pine.BSF.4.21.0003202245070.31205-100000@jake.akitanet.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <Pine.BSF.4.21.0003202245070.31205-100000@jake.akitanet.co.uk>; from wigstah@akitanet.co.uk on Mon, Mar 20, 2000 at 11:12:25PM +0000
X-PGP-Fingerprint: 44 28 CA 4C 46 5B D3 A8  A8 E3 BA F3 4E 60 7D 7F
X-Verwirrung: Dieser Header dient der allgemeinen Verwirrung.
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Thus spake Paul Robinson (wigstah@akitanet.co.uk):

> Well, I read about 3 screens down the ipfw man page, and found a useful
> section on fwd ipaddr [,port], although how you would specify the sender's

Yes, I found that, too...

> ip address and port in here dynamically is unknown to me at the

... the dynamic part is the problem.

> address you are looking at (whois -h whois.ripe.net XXX.XXX.XXX.XXX in
> Europe, and IIRC it's whois.arin.net for US?), and send to
> abuse@domainname.com...

Yes. You don't need an extra tool for that.
I'm filtering all unknown ports at the moment and have written a
script, that mails me unknown port-attacks.

At the momehnt, that means, I'm getting around 40 requests from
different people to my host, which really buggs me.

I mailed abuse@ when this happend approx 2 times a day, at the moment
it's just too much and I'm tired of doing this.

(I think I'm the reason at least 50 users lost their accounts before
*eg*)

Ok. It seems, that at the momennt I'll just turn of logging for ports
1234 and the other one.

> Denial-of-Service attacks here. I compromise box A, and I don't like you

the DoS thing is a good reason not to do that.

> Although it would be nice to 'see their faces', you won't because they're

hehe. I know :)

It was just a nice dream.

I turned logging of now *sigh*

Alex


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message