Hi,

Thanks for everyone's advice. The attack is still continuing at a rate of around 10 attempts a second. Between around 4pm & 8pm I received just under 65000 attempts just from that one IP address. SuSE firewall is working well and no degradation in system performance, but some web sites are timing out and it gets a bit annoying.

There is definitely no P2P software running at the moment. I had used some before this attack started. I know that I get scanned all the time, however my /var/log/warn file for just yesterday was massive (at least 10MB), today it is well over 30MB.

I wonder how I pissed this person off. Probably because I reported them for sending SPAM or something along those lines. The system seems really unsecure. I just did a simple port scan and found the following services running. I wouldn't normally do that, however the attack has now been going on for nearly 24 hours.

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on kes.wirehub.nl (195.86.128.45):
(The 1583 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
111/tcp    open        sunrpc
443/tcp    open        https
513/tcp    open        login
514/tcp    open        shell
587/tcp    open        submission
1020/tcp   open        unknown
1021/tcp   open        unknown
1022/tcp   open        unknown
1023/tcp   open        unknown
2049/tcp   open        nfs
12346/tcp  filtered    NetBus
31337/tcp  filtered    Elite

Nmap run completed -- 1 IP address (1 host up) scanned in 11 seconds

I'm unsure what some of these services are.

Regards
Adam

On Sat, 2003-04-19 at 03:42, David Krider wrote:
Adam Leach wrote:
Is there anything I can easily do to stop it?
First, don't panic. Are you really sure that *every* port is being scanned? It may be nothing. Are you playing multiplayer games on your network? Are you using any sort of P2P app? Are you browsing the web? All of these can generate spurious packets that may or may not be legitimate, but may still be non-malicious.
If it really is a dedicated attack -- and it may be -- then what everyone else is saying is true. Close up as many ports as you can. Drop the packets. Create burst-limit firewall rules. Don't respond to pings. Harden the services you do want to keep open.
Welcome to being on the internet. ;-) Most people *are* being scanned or probed in some fashion or the other -- all the time -- and just don't know it. Once you start realizing how common this crap is, it'll scare you at first. Then you make sure you're secure, and you get over it. You just have to strike a balance with security, privacy, time, effort, and money.
-- Regards, dk
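
An added example, not part of either poster's message: one way to check the question raised in the reply (is every port really being probed, or is it the same port over and over?) by summarizing dropped-packet lines per source address. It assumes the firewall writes the key=value layout of the netfilter LOG target to the log; the "SuSE-FW-DROP" prefix, the host name and all addresses in the sample are constructed.

```python
import re
from collections import defaultdict

# Only the fields needed to tell a port sweep from repeated hits on one port.
FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

# Constructed sample lines (documentation address ranges, made-up prefix).
SAMPLE_LOG = """\
Apr 19 16:00:01 gw kernel: SuSE-FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40001 DPT=21 SYN
Apr 19 16:00:01 gw kernel: SuSE-FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40002 DPT=22 SYN
Apr 19 16:00:01 gw kernel: SuSE-FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40003 DPT=23 SYN
Apr 19 16:00:01 gw kernel: SuSE-FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40004 DPT=25 SYN
Apr 19 16:00:01 gw kernel: SuSE-FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=40005 DPT=80 SYN
Apr 19 16:00:02 gw kernel: SuSE-FW-DROP IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3050 DPT=6346 SYN
Apr 19 16:00:02 gw kernel: SuSE-FW-DROP IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3051 DPT=6346 SYN
Apr 19 16:00:03 gw kernel: SuSE-FW-DROP IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3052 DPT=6346 SYN
Apr 19 16:00:03 gw kernel: SuSE-FW-DROP IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Apr 19 16:00:04 gw sshd[812]: unrelated line without packet fields
"""

def summarize(lines):
    """Return {src_ip: {"hits": int, "ports": set of (proto, dport)}}."""
    stats = defaultdict(lambda: {"hits": 0, "ports": set()})
    for line in lines:
        fields = dict(FIELD.findall(line))
        if "SRC" not in fields:
            continue  # not a packet-log line
        entry = stats[fields["SRC"]]
        entry["hits"] += 1
        if "DPT" in fields:  # ICMP lines carry no destination port
            entry["ports"].add((fields.get("PROTO", "?"), int(fields["DPT"])))
    return dict(stats)

def classify(entry, sweep_ports=5):
    """'sweep' = many distinct ports probed; 'repeat' = the same few ports hit again and again."""
    return "sweep" if len(entry["ports"]) >= sweep_ports else "repeat"

def report(lines, sweep_ports=5):
    """Rows of (source, hits, distinct ports, classification), busiest source first."""
    rows = [(src, e["hits"], len(e["ports"]), classify(e, sweep_ports))
            for src, e in summarize(lines).items()]
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for src, hits, nports, kind in report(SAMPLE_LOG.splitlines()):
        print(f"{src:15} hits={hits:<6} distinct_ports={nports:<5} {kind}")
```

To run it over a real log, pass the file's lines to report() instead of the sample; the sweep_ports threshold is an arbitrary cut-off chosen for this example.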