mbak at fxnet.hu
Thu Aug 11 16:37:10 GMT 2005
On Thu, 2005-08-11 at 18:14, Paul Marsh wrote:
> Firewall? Hey that's a good idea, only kidding ;) I understand what
> they are. I guess I should have been a little more detailed in my first
> post. Are the source ports accurate or spoofed? I guess I'm looking
> for a way to get to the bottom of this stuff and get it shut down. My
> log is split 50% 1026 and 45% 1027, it's a pain in the butt trying to
> find legit stuff through all this freaking noise.
Can't you just tell the firewall not to log (silently drop) those
packages? I don't know what you're using, but I know it's possible with
iptables on Linux using different chains for different port ranges.
More information about the list