[clug] what do I do if I'm being hit by a foreign server? (linux Digest, Vol 94, Issue 21, Message 1)

Miles Goodhew mgoodhew at gmail.com
Sun Oct 17 16:52:45 MDT 2010


> Date: Sun, 17 Oct 2010 18:10:22 +1100
> From: Paul <mylists at wilsononline.id.au>
> Message-ID: <4CBAA15E.6000101 at wilsononline.id.au>
> I noticed a large number of packets from hitting port 5060 eg 40,000 in

  FWIW, Limestone Networks, Dallas.

> So is this all I can do, or should I use whois to send an "abuse" email to the ISP etc.,
> or do I let my ISP do that?

  If it's still persisting, I'd at least query Limestone's abuse@
address about dealing with it at their end. I doubt they'd do
anything, but it can't hurt.
  When I used to get a lot of Chinese IPs trying my SSH doorhandles
(before fail2ban removed them from my vision), I'd sometimes port-scan
back and send a "please stop annoying me" text back to anything that
connected. I've no idea if they even noticed, but if I were a
dastardly character doing this, I'd pay close attention to the
incoming connections and abandon attacks on anyone who noticed me.


Miles Goodhew,
Executive Computer Scientist
