[Dshield] 1026-27

Mikael Bak mbak at fxnet.hu
Thu Aug 11 16:37:10 GMT 2005


On Thu, 2005-08-11 at 18:14, Paul Marsh wrote:
> Firewall? Hey that's a good idea, only kidding ;)  I understand what
> they are.  I guess I should have been a little more detailed in my first
> post.  Are the source ports accurate or spoofed?  I guess I'm looking
> for a way to get to the bottom of this stuff and get it shut down.  My
> log is split 50% 1026 and 45% 1027, it's a pain in the butt trying to
> find legit stuff through all this freaking noise.
> 

Paul,
Can't you just tell the firewall not to log (silently drop) those
packages? I don't know what you're using, but I know it's possible with
iptables on Linux using different chains for different port ranges.

HTH,
Mikael




More information about the list mailing list