[clug] what do I do if I'm being hit by a foreign server?
mylists at wilsononline.id.au
Sun Oct 17 01:10:22 MDT 2010
I found my Billion router was continually rebooting this morning and after a while I
decided to switch my connection over to my Fedora router, i.e. use my Fedora box to act as a
I noticed a large number of packets from 184.108.40.206 hitting port 5060, e.g. 40,000 in
about 30 mins, so I manually added a rule to just drop the packet without logging
iptables -I INPUT 1 -i ppp0 -s 220.127.116.11 -j DROP
Oct 17 17:12:01 mythbox kernel: DROPI IN=ppp0 OUT= MAC= SRC=18.104.22.168 DST=myinternet
LEN=408 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=5085 DPT=5060 LEN=388
So is this all I can do, or should I use whois to send an "abuse" email to the ISP etc.,
or do I let my ISP do that?
PS now I know Linux is a better router!
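
Added example, not part of the original post: a shell function that counts netfilter LOG lines per source address for one UDP destination port on ppp0, using the format of the DROPI line quoted above. The sample lines, the host name gw and the addresses (RFC 5737 documentation ranges) are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of kernel LOG lines (documentation addresses, RFC 5737).
sample_log() {
cat <<'EOF'
Oct 17 17:12:01 gw kernel: DROPI IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=408 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=5085 DPT=5060 LEN=388
Oct 17 17:12:01 gw kernel: DROPI IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=408 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=5085 DPT=5060 LEN=388
Oct 17 17:12:02 gw kernel: DROPI IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=5060 DPT=53 LEN=40
Oct 17 17:12:02 gw kernel: DROPI IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=408 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=5071 DPT=5060 LEN=388
Oct 17 17:12:03 gw kernel: DROPI IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 17 17:12:03 gw kernel: DROPI IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=408 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=5085 DPT=5060 LEN=388
EOF
}

# top_sources PORT MIN
# Reads log lines on stdin and prints "count source" for every source that
# sent at least MIN UDP packets to PORT on ppp0, busiest source first.
top_sources() {
    awk -v port="$1" -v min="$2" '
    / IN=ppp0 / && / PROTO=UDP / {
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            # Match DPT= only, so a packet with SPT=5060 is not miscounted.
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src != "" && dpt == port) hits[src]++
    }
    END {
        for (s in hits)
            if (hits[s] >= min) print hits[s], s
    }' | sort -rn
}

# Sources with two or more packets to the SIP port in the sample.
sample_log | top_sources 5060 2
```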