[clug] what do I do if I'm being hit by a foreign server?
Paul
mylists at wilsononline.id.au
Sun Oct 17 01:10:22 MDT 2010
I found my Billion router was continually rebooting this morning and after a while I
decided to switch my connection over to my Fedora router, i.e. use my Fedora box to act as an
internet gateway.
I noticed a large number of packets from 208.115.222.75 hitting port 5060, e.g. 40,000 in
about 30 mins, so I manually added a rule to just drop the packet without logging,
e.g.
iptables -I INPUT 1 -i ppp0 -s 208.115.222.75 -j DROP
Log output
Oct 17 17:12:01 mythbox kernel: DROPI IN=ppp0 OUT= MAC= SRC=208.115.222.75 DST=myinternet
LEN=408 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=5085 DPT=5060 LEN=388
So is this all I can do, or should I use whois to send an "abuse" email to the ISP etc.,
or do I let my ISP do that?
PS now I know Linux is a better router!
thanks
Paul
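
An added example, not part of the original post: a Python sketch that tallies logged UDP packets to port 5060 per source from kernel log lines in the format quoted above and renders the same DROP rule for any source over a threshold. The sample lines, the documentation-range addresses, the threshold and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample data in the kernel LOG format quoted in the post.
# Addresses come from documentation ranges; "DROPI" is the post's log prefix.
_TEMPLATE = ("Oct 17 17:12:0{i} mythbox kernel: DROPI IN=ppp0 OUT= MAC= SRC={src} "
             "DST=203.0.113.10 LEN=408 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF "
             "PROTO=UDP SPT=5085 DPT={dpt} LEN=388")
_PACKETS = [("192.0.2.75", 5060)] * 4 + [("198.51.100.20", 5060), ("192.0.2.75", 53)]
SAMPLE_LOG = "\n".join(_TEMPLATE.format(i=i, src=s, dpt=d)
                       for i, (s, d) in enumerate(_PACKETS))

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the KEY=value fields of one packet log line, or None."""
    if "kernel:" not in line or "SRC=" not in line:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line.split("kernel:", 1)[1]):
        # LEN appears twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields


def top_sources(log_text, iface="ppp0", dport="5060", threshold=3):
    """Count logged UDP packets per source for one interface and port."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if (f and f.get("IN") == iface and f.get("PROTO") == "UDP"
                and f.get("DPT") == dport):
            counts[f["SRC"]] += 1
    return [(src, n) for src, n in counts.most_common() if n >= threshold]


def drop_rules(sources, iface="ppp0"):
    """Render the post's DROP rule for each source; reject non-IP text."""
    return [f"iptables -I INPUT 1 -i {iface} -s {ipaddress.ip_address(src)} -j DROP"
            for src, _ in sources]


if __name__ == "__main__":
    for rule in drop_rules(top_sources(SAMPLE_LOG)):
        print(rule)
```

The source address is passed through `ipaddress.ip_address` before it reaches the rule text, so a malformed log field raises an error instead of ending up in a command line.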