[clug] what do I do if I'm being hit by a foreign server?

Paul mylists at wilsononline.id.au
Sun Oct 17 01:10:22 MDT 2010

I found my Billion router was continually rebooting this morning and after a while I 
decided to switch my connection over to my Fedora router, i.e. use my Fedora box to act as an 
internet gateway.
I noticed a large number of packets from hitting port 5060 eg 40,000 in 
about 30 mins, so I manually added a rule to just drop the packet without logging:
iptables  -I INPUT 1 -i ppp0 -s -j DROP

Log output
Oct 17 17:12:01 mythbox kernel: DROPI IN=ppp0 OUT= MAC= SRC= DST=myinternet 
LEN=408 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=5085 DPT=5060 LEN=388

So is this all I can do, or should I use whois to send an "abuse" email to the ISP etc. 
or do I let my ISP do that?

PS now I know Linux is a better router!
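
An added example, not part of the original post: a shell function that tallies netfilter log lines of the kind quoted above per source address for one destination port, so you can see whether the traffic comes from one host before deciding what to drop or report. The sample log lines, the addresses (documentation ranges) and the names `count_by_src` and `sample_log` are constructed for illustration.

```shell
#!/bin/sh
# Added example: count netfilter LOG entries per source for one destination port.
# Usage: count_by_src PORT [MIN_COUNT] < logfile
count_by_src() {
    port="$1"
    min="${2:-1}"
    awk -v port="$port" -v min="$min" '
        {
            src = ""; dpt = ""; proto = ""
            # netfilter LOG lines are space-separated KEY=VALUE fields
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            # skip lines for other ports and lines with an empty SRC= field
            if (dpt == port && src != "") count[src "/" proto]++
        }
        END {
            for (k in count) if (count[k] >= min) print count[k], k
        }
    ' | sort -rn
}

# Constructed sample input (not taken from the post); one log entry per line.
sample_log() {
    cat <<'EOF'
Oct 17 17:12:01 gw kernel: DROPI IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.1 LEN=408 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=5085 DPT=5060 LEN=388
Oct 17 17:12:01 gw kernel: DROPI IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.1 LEN=408 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=5085 DPT=5060 LEN=388
Oct 17 17:12:02 gw kernel: DROPI IN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 17 17:12:02 gw kernel: DROPI IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.1 LEN=408 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=5085 DPT=5060 LEN=388
Oct 17 17:12:03 gw kernel: DROPI IN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=192.0.2.1 LEN=408 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=5071 DPT=5060 LEN=388
Oct 17 17:12:03 gw kernel: DROPI IN=ppp0 OUT= MAC= SRC= DST=192.0.2.1 LEN=408 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=5085 DPT=5060 LEN=388
EOF
}

# Demo: busiest sources hitting UDP/5060 in the constructed sample.
sample_log | count_by_src 5060
```

Against a real system, feed it the kernel log instead of `sample_log`, for example `count_by_src 5060 100 < /var/log/messages` to list only sources with at least 100 logged packets.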

