[svlug] followup on port 4156 ping storm problem

[Webb Sprague]

Have you called your DSL carrier and told them about
it?  How about finding out where those IPs are and
calling/sending them emails (that might need scripting
as well).  It seems like you are being DOS'ed for some
reason.  

Does anybody else want to add their thoughts?  This
has never happened to me, so I am just guessing.

W
--- dfox <dfox at m206-157.dsl.tsoft.com> wrote:
> 
> Hi *,
> 
> A followup on my recent experiences. First of all,
> portsentry was 
> a solution, once I configured it, my internet was
> back to normal.
> But I'm not aware of any such virii/worms/etc that
> go after that
> particular port (4156), and the attack is still
> ongoing. I now
> have a /etc/hosts.deny file of over 5000 lines. This
> to me would
> constitute a very widespread attack, and those
> domains seem to
> be rather random.
> 
> If this continues, I will have a rather large set of
> addresses
> that are blocked. Whether any of these are
> legitimate sites is
> something worth looking into. Problem is, there are
> too many of
> them for me to look closely at.
> 
> Enter the wonderful world of scripting. I'm not an
> admin, and I've
> written just a tad number of short scripts, and
> don't yet know
> perl. Still, I figure I can parse the
> /etc/hosts.deny file, take
> out the IP, and lookup its MX record, or its textual
> name, if needed -
> and send a short notice to postmaster@ that domain.
> 
> I checkd CERT earlier today, nothing was reported.
> Another site,
> the Internet storm watch site, didn't mention it,
> but I sent them
> email.
> 
> Any suggestions for further action?
> 
> 
> 
> 
> _______________________________________________
> svlug mailing list
> svlug at lists.svlug.org
> http://lists.svlug.org/lists/listinfo/svlug


__________________________________________________
Do you Yahoo!?
New DSL Internet Access from SBC & Yahoo!
http://sbc.yahoo.com