[Nottingham] iptables log analysis
Steve Bridges
nottingham at mailman.lug.org.uk
Thu Sep 18 16:08:00 2003
Hi,
I've been getting similar hits on my firewall. Loads of pings in my
snort logs, mostly from other boxes on my ISP. I checked it out and
according to several pages I found via google it's one of the various
MS/blaster worm variants. I'm getting about 900 a day and rising.
Probably nothing to worry about except for any lost bandwidth. Annoying
though.
Steve
> -----Original Message-----
> From: Duncan John Fyfe [mailto:djf@star.le.ac.uk]
> Sent: 18 September 2003 15:48
> To: nottingham@mailman.lug.org.uk
> Subject: [Nottingham] iptables log analysis
>
...snip...
> Either I'm being pinged a lot by random people (1763 uniq IP
> addresses in 2972 messages, mostly originating within ntl) or
> my understanding of the above rule is wrong.
> My understanding of the rule is
> "If I receive on average more than 5 pings per minute from
> a source IP address then the source is logged."
>=20
> Anyone able to comment ?
>
> Have fun,
> Duncan
>
> --
> Duncan John Fyfe X-ray Astronomy Group,
> Dept. of Physics & Astronomy,
> Phone +44 116 252 3635 University of Leicester,
> E-mail djf@star.le.ac.uk University Road,
> Leicester, LE1 7RH, U.K.
>
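An added example, not part of either message: one way to test the quoted reading of the rule against the log itself, by counting ICMP echo requests per source and per calendar minute. The `PING: ` log prefix, host name and addresses are constructed, and bucketing by calendar minute is a simplification of "per minute".

```python
import re
from collections import Counter, defaultdict

# Echo requests only (ICMP type 8); group 1 is the timestamp cut to the minute.
LINE = re.compile(
    r"^(\w{3}\s+\d+\s\d\d:\d\d):\d\d\s.*?\bSRC=(\S+)\s.*\bPROTO=ICMP\s+TYPE=8\b")

def summarise(log_text, threshold=5):
    """Count echo requests per source; list sources above threshold in any minute."""
    per_source = Counter()
    per_minute = defaultdict(Counter)      # minute -> source -> hits
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                       # other protocols, echo replies, noise
        minute, src = m.groups()
        per_source[src] += 1
        per_minute[minute][src] += 1
    noisy = {s for hits in per_minute.values()
             for s, n in hits.items() if n > threshold}
    return {
        "messages": sum(per_source.values()),
        "unique_sources": len(per_source),
        "single_hit_sources": sum(1 for n in per_source.values() if n == 1),
        "over_threshold": sorted(noisy),
    }

# Constructed sample in the kernel's iptables LOG line format (assumed prefix
# "PING: ", documentation-range addresses); not taken from the thread.
def _mk(ts, src, tail):
    return (f"Sep 18 {ts} fw kernel: PING: IN=eth0 OUT= SRC={src} "
            f"DST=192.0.2.10 LEN=84 TTL=120 {tail}")

ECHO = "PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1"
SAMPLE = "\n".join(
    # one source sending 6 echo requests inside a single minute
    [_mk(f"15:40:{s:02d}", "198.51.100.7", ECHO) for s in range(0, 60, 10)]
    # four sources that each appear exactly once
    + [_mk("15:41:05", f"203.0.113.{i}", ECHO) for i in range(1, 5)]
    # lines that must be ignored: an echo reply and a TCP packet
    + [_mk("15:41:09", "203.0.113.9", "PROTO=ICMP TYPE=0 CODE=0 ID=1 SEQ=1"),
       _mk("15:41:10", "203.0.113.10", "PROTO=TCP SPT=4000 DPT=80 SYN")]
)

if __name__ == "__main__":
    for key, value in summarise(SAMPLE).items():
        print(f"{key}: {value}")
```

On a real log, a high `single_hit_sources` count next to a short `over_threshold` list shows that most logged sources never exceeded the per-minute figure on their own.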