Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: sabu on June 21, 2002, 01:32:52 PM
-
As an IRC user, I have an IRC Bot, which i keep my channel active with so no take overs occur on IRC servers with no services.
This however brings on packeting.
I get packeted often and go over my download limit.
I am pretty sure my computer is not responding to all these DDoS pings, because when i look in my Bandwidth Monitory (bwm) I see lots of download acitivity, but no upload.
How or where can i get a list of IP's that were involved in the attack so i can warn them that they have been compromised to attack others. Also, I need decent logs to provide my ISP so they don't cut me off.
Thanks
sabu
P.S. Is it possible to firewall my box so hard, that it will drop all ping requests and port scans, or other scans from outside my LAN. Thanks again.
-
Install it as "Private Server & Gateway" and it will not respond to any external requests. Including http, smtp, pop and Imap. Not sure if you use those services but it is one solution available to you.
Terry
-
I should also clarify that it also won't respond to pings, ident and trace routes when in private server and gateway.
Terry
-
Although I don't think responding to pings is the problem, thanks, where can i find out the exact differences that state the differences between Private Server & Gateway, and the others?
Also, is there a way I can log and then retrieve a list of IP's that were involved in the attack?
-
You can turn on the firewall logging with this:
/sbin/e-smith/db configuration setprop masq Logging all
/sbin/e-smith/signal-event remoteaccess-update
The rejected port accesses will then get logged in /var/log/messages
-
thanks!