Firewall Wizards mailing list archives

RE: Under attack

From: Bruce Platt <Bruce () ei3 com>
Date: Thu, 25 Jul 2002 07:23:10 -0400

Three simple ways:

1. Block them at your border router.  If you don't manage it, contact your
ISP.
2. Install hogwash, it's worth a read even if you don't,
http://hogwash.sf.net .
3. On your Raptor, add a network entity named whatever you want to call it,
say BAD-ISP, then create a rule with that as your "From Source", coming in
via your "Untrusted Interface" destined for "Your LAN" coming out via your
internal interface (the trusted LAN).  Deny access to all services.

Number 1 can be burdensome if this is a transient event and you want to
ordinarily communicate with the folks who are giving you grief now.

Number 2 is a great choice.  Hogwash used well can be pretty slick, and
gives you great control, but you need another box, and it takes a few hours
to set up.

Number 3 should do what you need.  You say it fails, are you sure you
crafted it properly?  Are you up to patch level?

Regards,

Bruce

-----Original Message-----
From: Allan Tagliaferro [mailto:allan.tagliaferro () pulseintl com au]
Sent: Thursday, July 25, 2002 3:03 AM
To: 'firewall-wizards () honor icsalabs com'
Subject: [fw-wiz] Under attack



Hi all,

We are using Raptor 6.5 on a NT box, at present we are getting a lot of
inbound attempts being made by a Hong Kong ISP, I have sent several emails
notifying them of this but no changes have occurred, the connections are
unauthorized by gwcontrol so they fail. I've tried several times to include
rules using a subnet of the IP range that this ISP uses but for some reason
the rules are not stopping the attempts rather it just fails due it being
unauthorized. I'm happy they are not getting through but am I feel like I've
lost control.

Can anyone please let me know how to successfully block an IP range from
entering our network. Also I would keen to know if there is an institute
that can be contacted to inform of these attempts ( a governing body of
sorts).

Your help and ideas are most welcome.

Thank you.
Allan Tagliaferro



**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
**********************************************************************

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Under attack Allan Tagliaferro (Jul 25)
- Re: Under attack R. DuFresne (Jul 25)
- <Possible follow-ups>
- RE: Under attack Bruce Platt (Jul 25)
- RE: Under attack Guy Hadsall (Jul 25)
- Re: Under attack Thom Dyson (Jul 25)