[Dshield] What should I do next

Jim Gifford maillist at jg555.com
Fri May 10 04:50:43 GMT 2002


I have a question to pose. Over the last few weeks, I have had somebody
attempting to hack into my system. I got a little ticked off and wrote my
own iptables firewall. I added the string blocking capability. I have it log
information about these attacks. I have contacted the owner of the IP
block to no avail. What should I do next? Here is a sample of what I am
seeing.

May 9 10:12:03 server IPT: Hacker_root.exe: IN=eth0 OUT= MAC=
SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=112 TOS=0x00 PREC=0x00 TTL=111
ID=2054 DF PROTO=TCP SPT=3591 DPT=80 WINDOW=17520 RES=0x00 ACK PSH URGP=0
May 9 10:33:01 server IPT: Hacker_root.exe: IN=eth0 OUT= MAC=
SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxxLEN=112 TOS=0x00 PREC=0x00 TTL=111
ID=49275 DF PROTO=TCP SPT=3629 DPT=80 WINDOW=17520 RES=0x00 ACK PSH URGP=0
May 9 10:33:19 server IPT: Hacker_cmd.exe: IN=eth0 OUT= MAC=
SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=137 TOS=0x00 PREC=0x00 TTL=111
ID=52349 DF PROTO=TCP SPT=3976 DPT=80 WINDOW=17520 RES=0x00 ACK PSH URGP=0
May 9 11:55:46 server IPT: Hacker_root.exe: IN=eth0 OUT= MAC=
SRC=xxx.xxx.xxx.xxx DST=xxx.xxx.xxx.xxx LEN=112 TOS=0x00 PREC=0x00 TTL=111
ID=11323 DF PROTO=TCP SPT=3317 DPT=80 WINDOW=17520 RES=0x00 ACK PSH URGP=0
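
Added example, not part of the original post: a small Python parser that tallies log entries in the format shown above by source address and rule name, which gives the counts and first/last timestamps needed for an abuse report or a DShield submission. The sample lines and addresses are constructed placeholders, each entry is assumed to sit on one line as it would in the syslog file, and parse_line/summarize are hypothetical helper names.

```python
import re

# Constructed sample in the post's log format, one entry per line. Addresses
# are documentation-range placeholders; the second entry has DST glued to LEN.
TAIL = " TOS=0x00 TTL=111 DF PROTO=TCP SPT=%d DPT=80 WINDOW=17520 ACK PSH URGP=0"
SAMPLE_LOG = "\n".join([
    "May 9 10:12:03 server IPT: Hacker_root.exe: IN=eth0 OUT= MAC= "
    "SRC=192.0.2.10 DST=198.51.100.5 LEN=112" + TAIL % 3591,
    "May 9 10:33:01 server IPT: Hacker_root.exe: IN=eth0 OUT= MAC= "
    "SRC=192.0.2.10 DST=198.51.100.5LEN=112" + TAIL % 3629,
    "May 9 10:33:19 server IPT: Hacker_cmd.exe: IN=eth0 OUT= MAC= "
    "SRC=192.0.2.10 DST=198.51.100.5 LEN=137" + TAIL % 3976,
    "May 9 11:55:46 server IPT: Hacker_root.exe: IN=eth0 OUT= MAC= "
    "SRC=192.0.2.77 DST=198.51.100.5 LEN=112" + TAIL % 3317,
])

# "<timestamp> <host> IPT: <rule name>: <KEY=VALUE fields and bare flags>"
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+"
                  r"IPT:\s+(?P<rule>\S+):\s+(?P<rest>.*)$")
GLUED_IP = re.compile(r"(\d+\.\d+\.\d+\.\d+)(?=[A-Z]+=)")  # e.g. "…5LEN=112"
FIELD = re.compile(r"([A-Z]+)=(\S*)")  # value may be empty (OUT=, MAC=)

def parse_line(line):
    """Return a dict of fields for one IPT log entry, or None if it is not one."""
    m = LINE.match(line.strip())
    if not m:
        return None
    rest = GLUED_IP.sub(r"\1 ", m.group("rest"))  # re-split an address run into the next key
    rec = dict(FIELD.findall(rest))
    rec.update(ts=m.group("ts"), rule=m.group("rule"))
    return rec

def summarize(text):
    """Group entries by (source, rule, destination port); keep count and time span."""
    out = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or "SRC" not in rec:
            continue
        key = (rec["SRC"], rec["rule"], rec.get("DPT", "?"))
        entry = out.setdefault(key, {"count": 0, "first": rec["ts"]})
        entry["count"] += 1
        entry["last"] = rec["ts"]  # log is chronological, so the last seen wins
    return out

if __name__ == "__main__":
    for (src, rule, dpt), e in summarize(SAMPLE_LOG).items():
        print(f"{src} {rule} dpt={dpt} hits={e['count']} {e['first']} .. {e['last']}")
```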



