[clug] what do I do if I'm being hit by a foreign server?

Kim Holburn kim.holburn at gmail.com
Sun Oct 17 16:40:32 MDT 2010


I'd call your ISP and ask them to block the port for now if you're not  
using VOIP so you don't end up paying for the incoming bytes.

Sounds like one of those VOIP attacks.  They try and make phone calls  
through your system and you get charged for the calls.

http://www.zdnet.com.au/thousands-lost-in-rising-voip-attacks-339306478.htm

On 2010/Oct/17, at 6:10 PM, Paul wrote:

> I found my Billion router was continually rebooting this morning and  
> after a while I decided to switch my connection over to my Fedora  
> router ie use my Fedora box to act as an internet gateway.
> I noticed a large number of packets from 208.115.222.75 hitting port  
> 5060 eg 40,000 in about 30 mins, so I manually added a rule to just  
> drop the packet without logging
> eg
> iptables  -I INPUT 1 -i ppp0 -s 208.115.222.75 -j DROP
>
> Log output
> Oct 17 17:12:01 mythbox kernel: DROPI IN=ppp0 OUT= MAC=  
> SRC=208.115.222.75 DST=myinternet LEN=408 TOS=0x00 PREC=0x00 TTL=47  
> ID=0 DF PROTO=UDP SPT=5085 DPT=5060 LEN=388
>
>
> So is this all I can do, or should I use whois to send an "abuse"  
> email to the ISP etc.. or do I let my ISP do that?
>
> PS now I know Linux is a better router!
>
> thanks
> Paul
> -- 
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request
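
Added example, not part of the original thread: a Python sketch that counts UDP packets to port 5060 per source from netfilter LOG lines in the format Paul quoted, and prints the same kind of DROP rule he used for any source over a threshold. The host name `gw`, the documentation-range addresses, the sample lines and the threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the kernel LOG format quoted in the thread.
TEMPLATE = ("Oct 17 17:12:{sec:02d} gw kernel: DROPI IN=ppp0 OUT= MAC= "
            "SRC={src} DST=203.0.113.5 LEN=408 TOS=0x00 PREC=0x00 TTL=47 "
            "ID=0 DF PROTO={proto} SPT=5085 DPT={dpt} LEN=388")
SAMPLE = [TEMPLATE.format(sec=i, src="192.0.2.10", proto="UDP", dpt=5060)
          for i in range(4)]
SAMPLE.append(TEMPLATE.format(sec=5, src="198.51.100.7", proto="UDP", dpt=5060))
SAMPLE.append(TEMPLATE.format(sec=6, src="192.0.2.10", proto="TCP", dpt=22))

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields of one netfilter LOG line, or None."""
    if "kernel:" not in line or "SRC=" not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line.split("kernel:", 1)[1]):
        fields.setdefault(key, value)  # keep first LEN (IP); second is UDP
    return fields

def flood_sources(lines, iface="ppp0", port="5060", threshold=3):
    """Map source address -> packet count for UDP hits on the SIP port."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        if not f or f.get("IN") != iface:
            continue
        if f.get("PROTO") != "UDP" or f.get("DPT") != port:
            continue
        try:
            # Validate before the value can ever reach a firewall command.
            src = str(ipaddress.ip_address(f.get("SRC", "")))
        except ValueError:
            continue
        counts[src] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

def drop_rules(sources, iface="ppp0"):
    """Build DROP rules in the form used in the thread, for review."""
    return [f"iptables -I INPUT 1 -i {iface} -s {src} -j DROP"
            for src in sorted(sources)]

if __name__ == "__main__":
    for rule in drop_rules(flood_sources(SAMPLE)):
        print(rule)
```

Feed it real lines with `flood_sources(open("/var/log/messages"))` (the log path varies by distribution) and review the printed rules before applying any of them.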










