Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=3621 PROTO=TCP SPT=56637 DPT=17319 WINDOW=2048 RES=0x00 SYN URGP=0
Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=22532 PROTO=TCP SPT=56637 DPT=13501 WINDOW=2048 RES=0x00 SYN URGP=0
Is there anything I can easily do to stop it?
Adam
May I suggest adding a drop rule for everything coming from that address range. The following might work:

    iptables -N drop-and-log-it
    iptables -A drop-and-log-it -j LOG --log-level info
    iptables -A drop-and-log-it -j REJECT
    iptables -A INPUT -i eth0 -s 195.86.128.45 -j drop-and-log-it

Also start watching for other addresses with the same pattern. Then do a lookup on that network address, find out what block it's on, and block the entire address range.

If you have an extra machine, set it up as a honey pot, directing traffic on an exploitable port to it from your firewall, then leave an obvious exploit. As soon as you can log the person trying to enter, e-mail the address and your proof to the ISP and your local cyber crime unit.
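One way to act on the advice to watch for other addresses with the same pattern, as an added example that is not part of the original thread: it groups dropped bare-SYN packets by source and flags sources that touched several destination ports, then renders the reply's per-source rule. The function names, the `min_ports` threshold and the last three sample lines are assumptions made for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Fields of the netfilter LOG lines quoted in the question.
LINE_RE = re.compile(
    r"SuSE-FW-DROP-DEFAULT .*?\bSRC=(?P<src>\S+) .*?\bPROTO=TCP "
    r".*?\bDPT=(?P<dpt>\d+) (?P<rest>.*)$"
)

def find_scanners(lines, min_ports=3):
    """Return {src: sorted distinct destination ports} for sources whose
    dropped bare-SYN packets hit at least min_ports different ports.
    The threshold is an assumption; tune it to your own traffic."""
    ports = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a dropped TCP packet
        flags = m.group("rest").split()
        if "SYN" not in flags or "ACK" in flags:
            continue  # count new connection attempts only
        ports[m.group("src")].add(int(m.group("dpt")))
    return {s: sorted(p) for s, p in ports.items() if len(p) >= min_ports}

def block_commands(scanners, iface="eth0"):
    """Render the reply's INPUT rule for each flagged source. The address is
    parsed first so that log text never reaches a command line unvalidated."""
    cmds = []
    for src in sorted(scanners):
        addr = ipaddress.ip_address(src)  # raises ValueError on anything else
        cmds.append(f"iptables -A INPUT -i {iface} -s {addr} -j drop-and-log-it")
    return cmds

# The first two entries are the lines from the question; the last three are constructed.
PREFIX = ("Apr 18 19:28:59 dev kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= "
          "MAC=00:01:02:15:4f:e5:00:09:b6:6b:84:8c:08:00 ")
SAMPLE = [
    PREFIX + "SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=3621 PROTO=TCP SPT=56637 DPT=17319 WINDOW=2048 RES=0x00 SYN URGP=0",
    PREFIX + "SRC=195.86.128.45 DST=81.99.191.85 LEN=40 TOS=0x00 PREC=0x00 TTL=28 ID=22532 PROTO=TCP SPT=56637 DPT=13501 WINDOW=2048 RES=0x00 SYN URGP=0",
    PREFIX + "SRC=198.51.100.7 DST=81.99.191.85 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=100 PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    PREFIX + "SRC=198.51.100.7 DST=81.99.191.85 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=101 PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    PREFIX + "SRC=203.0.113.9 DST=81.99.191.85 LEN=76 TOS=0x00 PREC=0x00 TTL=50 ID=7 PROTO=UDP SPT=53 DPT=33000 LEN=56",
]

if __name__ == "__main__":
    for cmd in block_commands(find_scanners(SAMPLE, min_ports=2)):
        print(cmd)
```

The `drop-and-log-it` chain from the reply must already exist before the printed rules are loaded, and a source retrying a single port (like the constructed 198.51.100.7 lines) is deliberately not flagged.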