Firewall Wizards mailing list archives
RE: Under attack
From: Bruce Platt <Bruce () ei3 com>
Date: Thu, 25 Jul 2002 07:23:10 -0400
Three simple ways: 1. Block them at your border router. If you don't manage it, contact your ISP. 2. Install hogwash, it's worth a read even if you don't, http://hogwash.sf.net . 3. On your Raptor, add a network entity named whatever you want to call it, say BAD-ISP, then create a rule with that as your "From Source", coming in via your "Untrusted Interface" destined for "Your LAN" coming out via your internal interface (the trusted LAN). Deny access to all services. Number 1 can be burdensome if this is a transient event and you want to ordinarily communicate with the folks who are giving you grief now. Number 2 is a great choice. Hogwash used well can be pretty slick, and gives you great control, but you need another box, and it takes a few hours to set up. Number 3 should do what you need. You say it fails, are you sure you crafted it properly? Are you up to patch level? Regards, Bruce -----Original Message----- From: Allan Tagliaferro [mailto:allan.tagliaferro () pulseintl com au] Sent: Thursday, July 25, 2002 3:03 AM To: 'firewall-wizards () honor icsalabs com' Subject: [fw-wiz] Under attack Hi all, We are using Raptor 6.5 on a NT box, at present we are getting a lot of inbound attempts being made by a Hong Kong ISP, I have sent several emails notifying them of this but no changes have occurred, the connections are unauthorized by gwcontrol so they fail. I've tried several times to include rules using a subnet of the IP range that this ISP uses but for some reason the rules are not stopping the attempts rather it just fails due it being unauthorized. I'm happy they are not getting through but am I feel like I've lost control. Can anyone please let me know how to successfully block an IP range from entering our network. Also I would keen to know if there is an institute that can be contacted to inform of these attempts ( a governing body of sorts). Your help and ideas are most welcome. Thank you. Allan Tagliaferro ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. ********************************************************************** _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Under attack Allan Tagliaferro (Jul 25)
- Re: Under attack R. DuFresne (Jul 25)
- <Possible follow-ups>
- RE: Under attack Bruce Platt (Jul 25)
- RE: Under attack Guy Hadsall (Jul 25)
- Re: Under attack Thom Dyson (Jul 25)