[clug] what do I do if I'm being hit by a foreign server? (linux Digest, Vol 94, Issue 21, Message 1)

[Miles Goodhew]

Paul,

> Date: Sun, 17 Oct 2010 18:10:22 +1100
> From: Paul <mylists at wilsononline.id.au>
> Message-ID: <4CBAA15E.6000101 at wilsononline.id.au>
...
> I noticed a large number of packets from 208.115.222.75 hitting port 5060 eg 40,000 in

  FWIW, Limestone Networks, Dallas.

...
> So is this all I can do, or should I use whois to send an "abuse" email to the ISP etc..
> or do I let my ISP do that?

  If it's still persisting, I'd at least query Limestone's abuse@
address about dealing with it at their end. I doubt they'd do
anything, but it can't hurt.
  When I used to get a lot of Chinese IPs trying my SSH doorhandles
(before fail2ban removed them from my vision), I'd sometimes port-scan
back and send a "please stop annoying me" text back to anything that
connected. I've no idea if they even noticed, but if I were a
dastardly character doing this, I'd pay close attention to the
incoming connections and abandon attacks on anyone who noticed me.

M0les.

-- 
Miles Goodhew,
Executive Computer Scientist