[HECnet] MONITOR DISK - Meaning of values

Brian Schenkenberger, VAXman- system at TMESIS.COM
Wed Sep 16 05:07:12 PDT 2015


Sampsa Laine <sampsa at mac.com> writes:

>You're probably under a Chinese/Russian robot attack, trying to
>brute-force their way in.
>
>I've had this on occasion and am tempted to just drop all packets
>originating from China..

I've gone even further here.  I block all nets that originate from APNIC.



>Not sure what the best way to do this is, I have a pretty simple
>consumer level router (Draytek) so I guess I could use iptables or
>something on Linux - however I'm not sure if that'll just affect the host I
>run the iptables command on or the whole interface.
>
>Basically, I have one physical interface for 8 virtual machines and a
>bunch of SIMH instances etc. If I could drop the packets at the
>interface of the host machine it'd be ideal.
>
>Any iptables experts out there?

I use IPTABLES on one of the Lunix servers I run to add IP addresses which I
have determined to be those of botnet control systems (generally, systems the
Chinese et al are using).

/sbin/iptables -A INPUT -s $IP           -p all -j DROP

-- 
VAXman- A Bored Certified VMS Kernel Mode Hacker    VAXman(at)TMESIS(dot)ORG

I speak to machines with the voice of humanity.
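
Added example, not part of the original post: whether a rule covers only the host or also the guests behind it depends on the chain, since INPUT sees packets addressed to the host itself and FORWARD sees packets the host passes on. The script below generates the DROP rule from the post for both chains from a constructed blocklist; the `RUN` switch, the function names and the sample addresses are assumptions, and bridged guests are covered only if the kernel's bridge-nf-call-iptables setting is enabled.

```shell
# Added example, not from the original post. Emits DROP rules for INPUT
# (traffic to this host) and FORWARD (traffic passed on to guests).
# RUN is an assumed knob: unset prints the commands, RUN= (empty) runs them.

# Constructed sample blocklist (documentation address ranges only).
SAMPLE_BLOCKLIST='
# one IPv4 address or CIDR per line
192.0.2.15
198.51.100.0/24
203.0.113.999
not-an-address
192.0.2.15
'

# Succeed only for a dotted quad with an optional /0-32 prefix length.
is_ipv4_cidr() {
    case $1 in ''|*[!0-9./]*|.*|*..*|*./*|*.) return 1 ;; esac
    addr=${1%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Read a blocklist on stdin; skip comments, invalid entries and duplicates.
emit_drop_rules() {
    seen=' '
    while IFS= read -r line; do
        src=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$src" ] || continue
        if ! is_ipv4_cidr "$src"; then
            echo "skipping invalid entry: $src" >&2
            continue
        fi
        case $seen in *" $src "*) continue ;; esac
        seen="$seen$src "
        for chain in INPUT FORWARD; do
            # -I puts the DROP ahead of any ACCEPT rule already in the chain
            ${RUN-echo} /sbin/iptables -I "$chain" -s "$src" -j DROP
        done
    done
}
printf '%s\n' "$SAMPLE_BLOCKLIST" | emit_drop_rules
```

The rule in the post uses `-A`, which appends; a DROP appended after an existing ACCEPT for the same traffic never matches, which is why this example inserts with `-I`.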

