[clug] what do I do if I'm being hit by a foreign server? (linux Digest, Vol 94, Issue 21, Message 1)
mgoodhew at gmail.com
Sun Oct 17 16:52:45 MDT 2010
> Date: Sun, 17 Oct 2010 18:10:22 +1100
> From: Paul <mylists at wilsononline.id.au>
> Message-ID: <4CBAA15E.6000101 at wilsononline.id.au>
> I noticed a large number of packets from 18.104.22.168 hitting port 5060 eg 40,000 in
FWIW, Limestone Networks, Dallas.
> So is this all I can do, or should I use whois to send an "abuse" email to the ISP etc..
> or do I let my ISP do that?
If it's still persisting, I'd at least query Limestone's abuse@
address about dealing with it at their end. I doubt they'd do
anything, but it can't hurt.
When I used to get a lot of Chinese IPs trying my SSH doorhandles
(before fail2ban removed them from my vision), I'd sometimes port-scan
back and send a "please stop annoying me" text back to anything that
connected. I've no idea if they even noticed, but if I were a
dastardly character doing this, I'd pay close attention to the
incoming connections and abandon attacks on anyone who noticed me.
Executive Computer Scientist
More information about the linux