Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 21 Mar 2000 13:02:03 +0100
From:      Alexander Langer <alex@big.endian.de>
To:        Paul Robinson <wigstah@akitanet.co.uk>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: ipfw fwd to requester's ip
Message-ID:  <20000321130203.C2166@cichlids.cichlids.com>
In-Reply-To: <Pine.BSF.4.21.0003202245070.31205-100000@jake.akitanet.co.uk>; from wigstah@akitanet.co.uk on Mon, Mar 20, 2000 at 11:12:25PM %2B0000
References:  <20000320183644.J2721@cichlids.cichlids.com> <Pine.BSF.4.21.0003202245070.31205-100000@jake.akitanet.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help 
Thus spake Paul Robinson (wigstah@akitanet.co.uk):

> Well, I read about 3 screens down the ipfw man page, and found a useful
> section on fwd ipaddr [,port], although how you would specify the sender's

Yes, I found that, too...

> ip address and port in here dynamically is unknown to me at the

... the dynamic part is the problem.

> address you are looking at (whois -h whois.ripe.net XXX.XXX.XXX.XXX in
> Europe, and IIRC it's whois.arin.net for US?), and send to
> abuse@domainname.com...

Yes. You don't need an extra tool for that.
I'm filtering all unknown ports at the moment and have written a
script, that mails me unknown port-attacks.

At the momehnt, that means, I'm getting around 40 requests from
different people to my host, which really buggs me.

I mailed abuse@ when this happend approx 2 times a day, at the moment
it's just too much and I'm tired of doing this.

(I think I'm the reason at least 50 users lost their accounts before
*eg*)

Ok. It seems, that at the momennt I'll just turn of logging for ports
1234 and the other one.

> Denial-of-Service attacks here. I compromise box A, and I don't like you

the DoS thing is a good reason not to do that.

> Although it would be nice to 'see their faces', you won't because they're

hehe. I know :)

It was just a nice dream.

I turned logging of now *sigh*

Alex


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000321130203.C2166>