Koozali.org: home of the SME Server

Pls help - seven days of port scans/DOS

BoZz

Pls help - seven days of port scans/DOS
« Reply #15 on: February 08, 2005, 11:56:47 AM »
There are some bad dudes around so don't try to get them back? I own and run an ISP in Australia and had a hack attack a few years ago. We tracked him down and trashed his PC  :-D  A day later started 3 months of DOS attack that all but used our 45mb link  :-(  Nearly sent me to the wall  :cry: Best to let them play and go away so you can live to surf another day  ;-)

Brett

Brave Dave

Pls help - seven days of port scans/DOS
« Reply #16 on: February 09, 2005, 11:15:05 AM »
Why don't you get on to your upstream provider?

A few years back I had someone going crazy with DNS on my Telstra OnRamp - and it was pay by the megabyte - 19c

I got onto Telstra and they blocked it upstream
.:DB:.

drywalldude

Ipcop works good
« Reply #17 on: February 09, 2005, 12:31:46 PM »
I found Ipcop to be easy to install and effective on my network. It is more functional as a gateway firewall than the contribs server and it takes the load off my web/mail server. Here are some shots:

http://www.ericswww.com/rpm_bay/ipcop_contribs.PNG
http://www.ericswww.com/rpm_bay/ipcop_graph.PNG
http://www.ericswww.com/rpm_bay/ipcopnetwork.png 8-)

drywalldude

Pls help - seven days of port scans/DOS
« Reply #18 on: February 09, 2005, 12:47:46 PM »
The ipcop setup is on an old Asus 400MHz AMD with 4 NICs (wifi support on blue!! :-D ). Also, if you look in the addons there is something about integration with DansGuardian that may assist with your problem.

Ah, finally found something to do with that old piece of junk in the closet. :hammer:

CharlieBrady

Pls help - seven days of port scans/DOS
« Reply #19 on: February 09, 2005, 09:06:31 PM »
Quote from: "SSBN"

This will black list people who port scan or violate Snort rules and ban/drop their IP for 5 or so days.


Note that because source IP addresses are forgeable, this allows a pretty easy DoS. Any of your server's real customers can be black listed, just by an attacker faking a scan apparently coming from their IP address.
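
The spoofing concern raised in Reply #19, as an added example that is not part of the original thread: a ban policy that only auto-blocks a source whose address was confirmed by a completed TCP handshake, and only reports scans that could have been forged. The function name, threshold, allowlisted range and sample events are assumptions constructed for illustration; the 5-day ban mirrors the quoted post.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events: (source IP, destination port, handshake completed?).
# A bare SYN or UDP probe says nothing reliable about the sender; a completed
# TCP handshake means the source received our SYN-ACK, so the address is real.
EVENTS = (
    [("203.0.113.7", p, True) for p in (21, 22, 23, 25, 80, 110)]     # connect scan
    + [("198.51.100.20", p, False) for p in range(1, 9)]               # forged customer IP
    + [("192.0.2.50", p, False) for p in (135, 137, 139, 445, 1433, 3389)]
    + [("203.0.113.99", p, True) for p in (80, 443)]                   # normal client
)

ALLOWLIST = [ipaddress.ip_network("198.51.100.0/24")]  # assumed customer range
PORT_THRESHOLD = 5                 # distinct ports before a source counts as scanning
BAN_SECONDS = 5 * 24 * 3600        # "5 or so days", as in the quoted post


def decide_bans(events, allowlist=ALLOWLIST, threshold=PORT_THRESHOLD):
    """Return (bans, report_only): bans maps IP -> ban duration in seconds."""
    verified = defaultdict(set)    # ports touched with a completed handshake
    unverified = defaultdict(set)  # ports touched by spoofable packets only
    for src, port, handshake in events:
        (verified if handshake else unverified)[src].add(port)

    bans, report_only = {}, []
    for src in sorted(set(verified) | set(unverified)):
        trusted = any(ipaddress.ip_address(src) in net for net in allowlist)
        if len(verified[src]) >= threshold and not trusted:
            bans[src] = BAN_SECONDS            # address proven, safe to block
        elif len(verified[src] | unverified[src]) >= threshold:
            report_only.append(src)            # possibly forged: log or escalate upstream
    return bans, report_only


if __name__ == "__main__":
    bans, report_only = decide_bans(EVENTS)
    print("ban:", bans)
    print("report only:", report_only)
```

The trade-off is that a SYN-only scan is never auto-banned under this policy, only reported, which is the price of not letting forged packets black list a real customer.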

SMEmike

myNetWatchman.com helps in fighting back
« Reply #20 on: February 20, 2005, 06:26:24 AM »
Have a look at myNetWatchman.com, they collect log information from firewalls around the Internet and automatically notify ISPs whose members are sourcing excessive port scans.

I did find this older howto to integrate the myNetWatchman client into SME 5.2. Don't know if it is still valid.

- http://www.wellsi.com/sme/mnwclient/mnwclient.html

The idea is a great one, but I have not yet used it myself.

SMEmike.