https://www.webmaster-forums.net/crss/node/1019512 en https://www.webmaster-forums.net/server-management/banning-ip#comment-1117070 <p>lol this issue is getting hard to follow:)</p> Mon, 28 Oct 2002 23:57:18 +0000 hagar comment 1117070 at https://www.webmaster-forums.net https://www.webmaster-forums.net/server-management/banning-ip#comment-1117069 <p>I'll continue this thread over at <a href="http://www.webmaster-forums.net/showthread.php?s=&amp;threadid=19503" class="bb-url">http://www.webmaster-forums.net/showthread.php?s=&amp;threadid=19503</a> as it pertains to that more <img src="https://www.webmaster-forums.net/misc/smileys/smile.png" title="Smiling" alt="Smiling" class="smiley-content" /></p> Mon, 28 Oct 2002 23:53:56 +0000 nike_guy_man comment 1117069 at https://www.webmaster-forums.net https://www.webmaster-forums.net/server-management/banning-ip#comment-1117064 <p>any machine can attack any other machine existing on a network, the platforms arent that important. Whats more interesting is that you said this is getting past your router..</p> <p>now SSDP on port 1900 uses UDP and TCP do you have both protocols blocked? Port 5000 is also a port associated with UPNP in TCP/UDP which should also be blocked specifically. Port 1901 is a Fujitsu ICL Terminal Emulator Program connection port(fjicl-tep-a), which is rather weird that its trying to connect to you.</p> <p>this is the info i gathered at MS(<a href="http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-054.asp" class="bb-url">http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS01-054.asp</a>) about their vulnerability which I have no idea HOW it could KILL a red hat box(other then packet flood), but here it is FYI anyway:</p> <p><strong>A vulnerability results because the UPnP service does not correctly handle certain types of invalid UPnP requests. On Windows 98, 98SE, and ME systems, receiving such a request could cause a variety of effects ranging from slow performance to system failure. On Windows XP, the effect is less serious as the flaw consists of a memory leak. Each time a Windows XP system received such a request, a small amount of system memory would become unavailable; if repeated many times, it could deplete system resources to the point where performance slowed or stopped altogether. </strong></p> <p>If your server is seriously getting bombarded, this might be some form of poorly executed Denial of Service Attack(cause the attack doesnt know you are using a non MS boxen). It isnt killing the server cause it isnt vulnerable, but it will obviously slow your connection bandwidth. You been angering script kids lately?<img src="https://www.webmaster-forums.net/misc/smileys/big.png" title="Laughing out loud" alt="Laughing out loud" class="smiley-content" /></p> <p>This might also perhaps be a very eager port scan across your IP range? Your ISP might have more info.</p> Mon, 28 Oct 2002 23:33:33 +0000 hagar comment 1117064 at https://www.webmaster-forums.net https://www.webmaster-forums.net/server-management/banning-ip#comment-1117061 <p><img src="https://www.webmaster-forums.net/misc/smileys/smile.png" title="Smiling" alt="Smiling" class="smiley-content" /> I've seen that article about 200 times now, in asking for help<br /> How could a Windows file be attacking my Linux system??</p> Mon, 28 Oct 2002 22:46:41 +0000 nike_guy_man comment 1117061 at https://www.webmaster-forums.net https://www.webmaster-forums.net/server-management/banning-ip#comment-1117053 <p>You can add them to your /etc/hosts.deny file. Just make sure that your hosts.allow is set to all, then you can specify an IP to deny in hosts.deny. </p> <p>Here is an article that may help you on the port:<br /> <a href="http://is-it-true.org/nt/xp/registry/rtips18.shtml" class="bb-url">Port 1900</a></p> Mon, 28 Oct 2002 21:59:02 +0000 mairving comment 1117053 at https://www.webmaster-forums.net