On 8/4/06, Paul unix@bikesn4x4s.com wrote:
So, seeing this is weird activity, I wanna see if I can put a stop to it. So I added to iptables:
    -A INPUT -s 209.200.128.0/255.255.192.0 -j DROP
    -A OUTPUT -o eth0 -p tcp -m tcp -d 209.200.128.0/255.255.192.0 -j DROP
I restarted httpd and still get the same thing. WTF???
OK, I figured it out. The IP address that was attacking is actually 63.240.230.5. nslookup on the above gives me 209.200.169.10. I really dislike reverse lookups in logs and such. &*^(*%$%*&^_
netstat with the '-n' flag is the norm for looking at such things. Never trust the reverse lookups, as you see.
Phil.
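
The mismatch described in this thread, as an added example that is not part of the original messages: a forward-confirmed reverse DNS check that keeps the numeric peer address as the only input to the firewall rule. The hostname `host.example.net` and the sample lookup tables are constructed placeholders (the thread does not give the logged name); the two IP addresses are the ones quoted above.

```python
import socket

def _ptr(ip):
    """Real reverse lookup: PTR name for ip, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _fwd(name):
    """Real forward lookup: set of IPv4 addresses for name."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except OSError:
        return set()

def check_peer(ip, reverse=_ptr, forward=_fwd):
    """Forward-confirm the reverse name of a logged peer address.

    Returns (name, forward_addrs, confirmed). confirmed is True only when
    the PTR name resolves back to the address the socket actually reported.
    """
    name = reverse(ip)
    addrs = forward(name) if name else set()
    return name, addrs, ip in addrs

def drop_rule(ip):
    """iptables rule text built from the numeric peer address only."""
    return f"-A INPUT -s {ip} -j DROP"

# Constructed data mirroring the thread: the name shown in the log for the
# peer (placeholder) resolves forward to a different address entirely.
SAMPLE_PTR = {"63.240.230.5": "host.example.net"}
SAMPLE_A = {"host.example.net": {"209.200.169.10"}}

def demo():
    peer = "63.240.230.5"  # numeric address, as netstat -n would show it
    name, addrs, ok = check_peer(
        peer, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, set()))
    return name, addrs, ok, drop_rule(peer)

if __name__ == "__main__":
    print(demo())
```

Blocking on the forward-resolved address (209.200.169.10 here) would leave the real peer untouched, which is the behaviour reported above.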