-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jens wrote:
> On Monday 04 October 2004 09:29, Nerijus wrote:
>
> Hmmm ..... interesting to see this here.
> I have seen a large number of posts of similar stuff here - probably all
> virus/trojan loaded. All the mail coming to me directly is reportedly (as
> per logs) from 195.5.56.40. I had not run a blacklist before but decided to
> start one up just for this one IP. Alas, despite doing a shorewall refresh
> the same garbage continues to come thru.
> Is it possible to spoof the ip number that is listed in the logs as 'connect
> from' ?

I wouldn't think so.

> Both interfaces to the outside have 'blacklist' in the options, shorewall.conf
> has blacklistnewonly=yes (but I checked for connections and there were none).
> Also in shorewall.conf is blacklist_disposition = drop.

Sounds like it is set up properly but I couldn't be certain without
seeing the output of "shorewall status".

>
> I was just going to live with it but since it's also showing up here I thought
> I would follow up.

I have several hosts/domains blacklisted for TCP 25 in my blacklist file
and it works.
- -Tom
- --
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBYXPnO/MAbZfjDLIRAp7yAJ40TXpUMfEhzUrJDAmbgx/wVRP6PgCgwP3T
gcdwwmbCb0GpJYCrGx01z3s=oo2D
-----END PGP SIGNATURE-----