[svlug] followup on port 4156 ping storm problem

[James Leone]

My friend...I know someone that knows some Perl...if he is not busy, he 
may be able to help you.

James Leone

dfox wrote:

>Hi *,
>
>A followup on my recent experiences. First of all, portsentry was 
>a solution, once I configured it, my internet was back to normal.
>But I'm not aware of any such virii/worms/etc that go after that
>particular port (4156), and the attack is still ongoing. I now
>have a /etc/hosts.deny file of over 5000 lines. This to me would
>constitute a very widespread attack, and those domains seem to
>be rather random.
>
>If this continues, I will have a rather large set of addresses
>that are blocked. Whether any of these are legitimate sites is
>something worth looking into. Problem is, there are too many of
>them for me to look closely at.
>
>Enter the wonderful world of scripting. I'm not an admin, and I've
>written just a tad number of short scripts, and don't yet know
>perl. Still, I figure I can parse the /etc/hosts.deny file, take
>out the IP, and lookup its MX record, or its textual name, if needed -
>and send a short notice to postmaster@ that domain.
>
>I checkd CERT earlier today, nothing was reported. Another site,
>the Internet storm watch site, didn't mention it, but I sent them
>email.
>
>Any suggestions for further action?
>
>
>
>
>_______________________________________________
>svlug mailing list
>svlug at lists.svlug.org
>http://lists.svlug.org/lists/listinfo/svlug
>  
>