Date: Tue, 21 Mar 2000 13:02:03 +0100
From: Alexander Langer
To: Paul Robinson
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: ipfw fwd to requester's ip
Message-ID: <20000321130203.C2166@cichlids.cichlids.com>
References: <20000320183644.J2721@cichlids.cichlids.com>
In-Reply-To: ; from wigstah@akitanet.co.uk on Mon, Mar 20, 2000 at 11:12:25PM +0000

Thus spake Paul Robinson (wigstah@akitanet.co.uk):

> Well, I read about 3 screens down the ipfw man page, and found a useful
> section on fwd ipaddr [,port], although how you would specify the sender's

Yes, I found that, too...

> ip address and port in here dynamically is unknown to me at the

... the dynamic part is the problem.

> address you are looking at (whois -h whois.ripe.net XXX.XXX.XXX.XXX in
> Europe, and IIRC it's whois.arin.net for US?), and send to
> abuse@domainname.com...

Yes. You don't need an extra tool for that.
I'm filtering all unknown ports at the moment and have written a script that mails me unknown port-attacks. At the moment, that means I'm getting around 40 requests from different people to my host, which really bugs me. I mailed abuse@ when this happened approx 2 times a day; at the moment it's just too much and I'm tired of doing this. (I think I'm the reason at least 50 users lost their accounts before *eg*)

Ok. It seems that at the moment I'll just turn off logging for ports 1234 and the other one.

> Denial-of-Service attacks here. I compromise box A, and I don't like you

The DoS thing is a good reason not to do that.

> Although it would be nice to 'see their faces', you won't because they're

hehe. I know :) It was just a nice dream.

I turned logging off now *sigh*

Alex