rejetto forum

Was someone trying to attack me?


Offline sfamonkey

  • Occasional poster
  • *
    • Posts: 6
A couple days ago I think someone tried to attack me.

The log looked like this:
172.0.0.1:1005
172.0.0.1:1006
and the port numbers just changed and changed.


Offline Rafi

  • Tireless poster
  • ****
    • Posts: 452

Offline sfamonkey

  • Occasional poster
  • *
    • Posts: 6
I wanted to, but when the IP was like 172.0.0.1:1250 it stayed there for like a sec and a new port was there and it kept changing ports so I couldn't block them.


Offline TGeRi

  • Tireless poster
  • ****
    • Posts: 113
""

Special-Use Addresses

Several address ranges are reserved for "Special Use". These addresses all have restrictions of some sort placed on their use, and in general should not appear in normal use on the public Internet. The following briefly documents these addresses – in general they are used in specialized technical contexts. They are described in more detail in RFC 3330.
"Private Use" IP addresses:
        10.0.0.0 - 10.255.255.255
        172.16.0.0 - 172.31.255.255
        192.168.0.0 - 192.168.255.255

The above address blocks are reserved for use on private networks, and should never appear in the public Internet. There are hundreds of thousands of such private networks (for example home firewalls sometimes make use of them). The IANA has no record of who uses these address blocks. Anyone may use these address blocks within their own network without any prior notification to IANA.

The point of private address space is to allow many organizations in different places to use the same addresses, and as long as these disconnected or self-contained islands of IP-speaking computers (private intranets) are not connected, there is no problem. If you see an apparent attack, or spam, coming from one of these address ranges, then either it is coming from your local environment, or the address has been "spoofed".
""

(from: http://www.iana.org/faqs/abuse-faq.htm#StructureofIPAddresses)

So this is very strange but still, I think you can ban "whole" 172.0.0.1 without setting the port so then all the ports for that IP will be banned.

Please correct me if I am wrong.


Offline Rafi

  • Tireless poster
  • ****
    • Posts: 452
Yes, that's what I suggested. And make sure it is not from one of your own PCs on your internal net (if you have one).

BTW - I'm not sure what is the format to define banned IP ranges


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13510
1) 172.0.0.1 is not in the range 172.16.0.0 - 172.31.255.255

2) 172.0.0.1 is very similar to 127.0.0.1   ...are you sure it was 172 and not 127 ?

3) the remote port is changing at each connection, yes, it is normal, it always happens, with any server software. that is not your port, and it is unimportant to you.

4) that port changes, and you can still ban it. the IP address does not include the port. it is the TCP address that includes the port. When you ban someone you ban the IP address, specifying NOT the port.
anyway, in HFS you can ban using wildcards, like 195.31.* and it will ban the whole class.


Offline Rafi

  • Tireless poster
  • ****
    • Posts: 452
Quote from: "rejetto"
anyway, in HFS you can ban using wildcards, like 195.31.* and it will ban the whole class.

So how can you ban, for your example :
172.16.0.0 - 172.31.255.255  ? 16 lines ?

Maybe in some future version you can add a from-to range possibility.


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13510

Offline Rafi

  • Tireless poster
  • ****
    • Posts: 452
Quote from: "rejetto"
7, not 16
because you can use 172.2?.*
Wise guy...  :)  and how many lines for 172.11.0.0 - 172.38.0.128 ?  ;)
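
Added example (not part of the original posts and not HFS code): a Python sketch of the points made above, namely that the remote port is dropped before banning, that 172.0.0.1 is outside the private 172.16.0.0 - 172.31.255.255 block, and that seven wildcard masks cover that block. It assumes the masks behave like shell-style wildcards (`*` matches any run of characters, `?` exactly one); the function names and the sample log entries are constructed for illustration.

```python
import ipaddress
from collections import Counter
from fnmatch import fnmatchcase

# The "Private Use" blocks quoted in the thread, written as CIDR networks.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Seven masks for 172.16.0.0 - 172.31.255.255; "172.2?.*" covers 172.20-172.29.
MASKS_172_PRIVATE = ["172.16.*", "172.17.*", "172.18.*", "172.19.*",
                     "172.2?.*", "172.30.*", "172.31.*"]

# Constructed sample entries in the "ip:port" form the poster described.
SAMPLE_LOG = ["172.0.0.1:1005", "172.0.0.1:1006", "172.0.0.1:1250"]

def peer_ip(entry):
    """Drop the remote (ephemeral) port; the ban target is the IP only (IPv4)."""
    return entry.rsplit(":", 1)[0].strip()

def classify(ip):
    """Label an address as loopback, private (blocks above) or public."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if any(addr in net for net in PRIVATE_NETS):
        return "private"
    return "public"

def is_banned(ip, masks):
    """Assumed mask semantics: '*' matches any run of characters, '?' one."""
    return any(fnmatchcase(ip, mask) for mask in masks)

def second_octets_covered(masks):
    """Which 172.x.* blocks a mask list actually bans."""
    return {o for o in range(256) if is_banned(f"172.{o}.0.1", masks)}

def summarize(entries, masks):
    """Collapse per-connection entries to one row per IP: (hits, class, banned)."""
    hits = Counter(peer_ip(e) for e in entries)
    return {ip: (n, classify(ip), is_banned(ip, masks)) for ip, n in hits.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG, ["172.0.0.1"]))
    print(sorted(second_octets_covered(MASKS_172_PRIVATE)))
```

Running `second_octets_covered` on a candidate mask list before applying it shows whether a `?` or `*` bans more or fewer blocks than intended.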


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13510
Quote from: "Rafi"
Wise guy...  :)  and how many lines for 172.11.0.0 - 172.38.0.128 ?  ;)
what quiz show is this? :shade:


Offline Rafi

  • Tireless poster
  • ****
    • Posts: 452
Quote from: "rejetto"
Quote from: "Rafi"
Wise guy...  :)  and how many lines for 172.11.0.0 - 172.38.0.128 ?  ;)
what quiz show is this? :shade:
Not a quiz show... a promotion for adding support for IP-range ban   :)  
A.: 26  :?:

It is really not so important...


Offline rejetto

  • Administrator
  • Tireless poster
  • *****
    • Posts: 13510


Offline Mr. Anon

  • Tireless poster
  • ****
    • Posts: 270
A firewall would not help if you decide to open a port to the Internet.
That means either you close access to the external Internet or allow access and risk being attacked. For now, HFS is not susceptible to known attacks.