
  rec9140 Provoice just DO it
join:2003-07-29 Mulberry, FL
Nuke the spammers
I watch the syslog output from my router daily, and see all kinds of attacks. Here's just the last 40 today:
03-05-2004 16:25:23 Local7.Debug 192.168.0.1 Unrecognized access from 162.119.64.111:39649 to TCP port 80
03-05-2004 16:25:17 Local7.Debug 192.168.0.1 Unrecognized access from 162.119.64.111:39649 to TCP port 80
03-05-2004 16:25:14 Local7.Debug 192.168.0.1 Unrecognized access from 162.119.64.111:39649 to TCP port 80
03-05-2004 15:47:04 Local7.Debug 192.168.0.1 Unrecognized access from 200.149.125.160:4337 to TCP port 17300
03-05-2004 15:47:01 Local7.Debug 192.168.0.1 Unrecognized access from 200.149.125.160:4337 to TCP port 17300
03-05-2004 15:43:44 Local7.Debug 192.168.0.1 Unrecognized access from 217.217.140.170:2348 to TCP port 80
03-05-2004 15:43:38 Local7.Debug 192.168.0.1 Unrecognized access from 217.217.140.170:2348 to TCP port 80
03-05-2004 15:43:35 Local7.Debug 192.168.0.1 Unrecognized access from 217.217.140.170:2348 to TCP port 80
03-05-2004 15:25:13 Local7.Debug 192.168.0.1 Unrecognized access from 67.165.160.145:2750 to TCP port 17300
03-05-2004 15:25:10 Local7.Debug 192.168.0.1 Unrecognized access from 67.165.160.145:2750 to TCP port 17300
03-05-2004 15:23:35 Local7.Debug 192.168.0.1 Unrecognized access from 220.219.85.212:2891 to TCP port 80
03-05-2004 15:23:29 Local7.Debug 192.168.0.1 Unrecognized access from 220.219.85.212:2891 to TCP port 80
03-05-2004 15:23:26 Local7.Debug 192.168.0.1 Unrecognized access from 220.219.85.212:2891 to TCP port 80
03-05-2004 15:15:52 Local7.Debug 192.168.0.1 Unrecognized access from 199.191.64.1:16800 to TCP port 80
03-05-2004 15:15:46 Local7.Debug 192.168.0.1 Unrecognized access from 199.191.64.1:16800 to TCP port 80
03-05-2004 15:15:43 Local7.Debug 192.168.0.1 Unrecognized access from 199.191.64.1:16800 to TCP port 80
03-05-2004 15:04:17 Local7.Debug 192.168.0.1 Unrecognized access from 151.24.211.16:1285 to TCP port 3127
03-05-2004 15:04:13 Local7.Debug 192.168.0.1 Unrecognized access from 151.24.211.16:1285 to TCP port 3127
03-05-2004 14:37:00 Local7.Debug 192.168.0.1 Unrecognized access from 211.5.43.150:4312 to TCP port 80
03-05-2004 14:36:54 Local7.Debug 192.168.0.1 Unrecognized access from 211.5.43.150:4312 to TCP port 80
03-05-2004 14:36:51 Local7.Debug 192.168.0.1 Unrecognized access from 211.5.43.150:4312 to TCP port 80
03-05-2004 14:08:59 Local7.Debug 192.168.0.1 Unrecognized access from 198.203.102.3:21557 to TCP port 80
03-05-2004 14:08:35 Local7.Debug 192.168.0.1 Unrecognized access from 198.203.102.3:21557 to TCP port 80
03-05-2004 14:08:23 Local7.Debug 192.168.0.1 Unrecognized access from 198.203.102.3:21557 to TCP port 80
03-05-2004 14:08:17 Local7.Debug 192.168.0.1 Unrecognized access from 198.203.102.3:21557 to TCP port 80
03-05-2004 14:08:11 Local7.Debug 192.168.0.1 Unrecognized access from 198.203.102.3:21557 to TCP port 80
03-05-2004 14:07:35 Local7.Debug 192.168.0.1 Unrecognized access from 211.181.86.240:3255 to TCP port 80
03-05-2004 14:07:29 Local7.Debug 192.168.0.1 Unrecognized access from 211.181.86.240:3255 to TCP port 80
03-05-2004 14:07:26 Local7.Debug 192.168.0.1 Unrecognized access from 211.181.86.240:3255 to TCP port 80
03-05-2004 14:07:07 Local7.Debug 192.168.0.1 Unrecognized access from 216.31.128.146:12347 to UDP port 33439
03-05-2004 14:07:02 Local7.Debug 192.168.0.1 Unrecognized access from 216.31.128.146:12347 to UDP port 33439
03-05-2004 14:06:57 Local7.Debug 192.168.0.1 Unrecognized access from 216.31.128.146:12347 to UDP port 33439
03-05-2004 14:06:52 Local7.Debug 192.168.0.1 Unrecognized access from 216.31.128.146:12347 to UDP port 33439
03-05-2004 14:06:47 Local7.Debug 192.168.0.1 Unrecognized access from 216.31.128.146:12347 to UDP port 33439
You will see various attempts from 3127 virus, attempts to get to a nonexistent web server and various other mal/spy/virus ware.
I wonder how many of RR's 2 million customers are using a simple router v. connected straight to the PC via USB (most likely) or ethernet.
I really think DSL, ISDN, cable, VSAT, even dial up should require at a minimum a NAT router. That would cut down on a lot of the crap. Partnering with one of the anti virus providers would also be a plus.
Maybe they could come up with a little live CD you put in, run it. It runs a software with no install, updates its virus definitions, and spy/mal/adware definitions then runs an anti virus, and SpyBot S&D then sends a signal to an activation server to enable the account once you get a clean bill of health.
For all those that suggest port blocks. STEP AWAY from your PCs! Some users have legitimate uses for outbound SMTP on port 25. I have hosted domains which all my mail goes thru and need to access them. I don't need a bunch of hoops to jump thru to send my mail.
I don't try to limit your use, so maybe if there are port blocks we block some ports that really don't have a use. Online game ports. See you gamers are probably fuming by now. Well, that's how those of us with hosted domains with/SMTP servers feel.
At least comcrap is trying to clean up its network and get the zombies back to the cemetery.

KitFox
join:2002-10-09 Denver, CO
Okay, so you run a server and domain on your system and have to accept SMTP. However, consider this:
Comcast's ToS does not allow the running of any servers, which includes SMTP. As such, it would not break anything to enforce this by disallowing Port 25 connections to any Comcast customer. (Note: Still allow OUTBOUND 25 traffic, but not inbound). This would not help with the people whose zombies are listening on something like port 31337 or such, but it would defang all the improperly-configured mail servers on home connections. (Of which there are unfortunately way too many.)
And, then consider, under most circumstances, it would not hurt Comcast home users to block outbound port 25 to all but smtp.comcast.net. Unless you fear being discovered doing something wrong (In which case, get PGP or such), or the mail server is down, there really is no good reason to need to send mail directly to another ISP's mail server.
And, for those who scream "Well I have a good reason!!!"... You're probably technically inclined... set a port shift locally and at a remote machine. Connect locally to a hard-coded port, pipe it to a remote machine at a non-blocked port, and have that machine pipe it to the proper location. And anybody who says "But I have SO many machines that I have to send to on the same port!"... You're just not thinking of things hard enough. Remember, your computer has a whole personal loopback /8 assigned to it. 
Overall, yes, some things can make it harder for us who have a clue to get things done, but as long as we can get it done somehow, and we block the ID Ten T errors from other folks, I'm willing to jump through a few hoops to get things done. AS LONG as the hoops are actually available. (No fair forcing NAT on and not letting me access it.)
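
The blocked probes in the router log quoted in the first post can be grouped by source and destination port to see which ports draw the most distinct scanners. This is an added example, not part of either post; it assumes the entry layout shown in that log and MM-DD-YYYY dates, and runs on a constructed sample that uses documentation addresses.

```python
import re
from collections import defaultdict
from datetime import datetime

# Entry layout taken from the router syslog quoted in the first post.
ENTRY = re.compile(
    r"(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) \S+ \S+ Unrecognized access "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+ to (?P<proto>TCP|UDP) port (?P<dport>\d+)"
)

# Constructed sample (RFC 5737 documentation addresses), not the poster's data.
# Entries are joined with spaces, the way a pasted log often runs together.
_FMT = "03-05-2004 {} Local7.Debug 192.168.0.1 Unrecognized access from {} to {} port {}"
_EVENTS = [
    ("16:25:23", "192.0.2.10:39649", "TCP", 80),
    ("16:25:17", "192.0.2.10:39649", "TCP", 80),
    ("16:25:14", "192.0.2.10:39649", "TCP", 80),
    ("15:43:44", "203.0.113.5:2348", "TCP", 80),
    ("15:43:38", "203.0.113.5:2348", "TCP", 80),
    ("15:04:17", "198.51.100.7:1285", "TCP", 3127),
    ("15:04:13", "198.51.100.7:1285", "TCP", 3127),
    ("14:07:07", "203.0.113.99:12347", "UDP", 33439),
]
SAMPLE = " ".join(_FMT.format(*e) for e in _EVENTS)

def summarize(text):
    """Group blocked probes by (source IP, protocol, destination port)."""
    seen = defaultdict(list)
    for m in ENTRY.finditer(text):  # finditer copes with run-together entries
        # Assumption: the router writes dates as MM-DD-YYYY.
        ts = datetime.strptime(m["ts"], "%m-%d-%Y %H:%M:%S")
        seen[(m["src"], m["proto"], int(m["dport"]))].append(ts)
    rows = [
        {"src": s, "proto": p, "dport": d, "attempts": len(t),
         "first": min(t), "last": max(t)}
        for (s, p, d), t in seen.items()
    ]
    return sorted(rows, key=lambda r: (-r["attempts"], r["src"]))

def by_port(rows):
    """Per (protocol, port): distinct sources and total attempts."""
    out = defaultdict(lambda: {"sources": 0, "attempts": 0})
    for r in rows:
        out[(r["proto"], r["dport"])]["sources"] += 1
        out[(r["proto"], r["dport"])]["attempts"] += r["attempts"]
    return dict(out)

if __name__ == "__main__":
    for (proto, port), c in sorted(by_port(summarize(SAMPLE)).items()):
        print(f"{proto}/{port}: {c['sources']} source(s), {c['attempts']} attempt(s)")
```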