At what point can you actually write to the abuse contact of an IP?
For 3 days, since my domain went online, I have an external IP here that has generated me 46,000 drop input entries so far, with random ports popping up via TCP.
That makes 78% of all my hits.
I think nobody reads anymore the abuse emails. That version of Internet is long gone. I miss it.
Then what can I do about this penetrate honk?
Our IPF gets hit 100’s of times a minute by rogue packets. So long your defenses are sufficiently hardened it shouldn’t matter. It’s an absolute jungle out there. You could also observe the traffic and harden your defenses even more.
1 Like
but it is only one IP from bulgaria…
Then throw it under the bus.
Email to the IP owner and a “kill’em all” setting into firewall.
Location Block for Bulgaria will block the country and also not log anything.
2 Likes
I did it with the script of ummeegge from this post and block the company Tamatiya EOOD.
But I would be interested in how I now get the entries out of the log, I look in there every now and then and observe trends, also I have already blocked some countries in the settings. The script method with the companys I find more elegantly solved, only the entries should not be displayed.
Is there a possibility?
Tonight at 1:25 am the Bulgarian IP went quiet… nothing more until now… 3 days of massive portscanning… 2 possibilities, first he/she is in or second ipfire gives him/her a middle finger answer… i think the second possibility hits is 