I have a related problem, but I am not sure if the source IPs are nasty computers or just...
# lsof -ni:www shows me lots of connections hanging in state CLOSE_WAIT from some hosts (often in China). These used to eat all sockets for httpd. Now I have a max-src-conn limit so it is not a real problem any more. I now also log hosts that succedes in getting many sockets in CLOSE_WAIT, and they are still there. What do the gurus say? What can I do about these hosts? On Fri, Dec 07, 2007 at 09:51:52AM -0800, badeguruji wrote: > I am getting constant hacking attempt into my computer > from following IPs. Although, I have configured my ssh > config and tcp-wrappers to deny such attempts. But I > wish some expert soul in this community 'fix' this > rouge hacker for ever, for everyones good. > > This hacker could be spoofing the IPs, but i have only > the IPs in my message logs(and a url)... > > 218.6.16.30 > 195.187.33.66 > 202.29.21.6 > 60.28.201.57 > 218.24.162.85 > wpc4643.amenworld.com > 202.22.251.23 > 219.143.232.131 > 220.227.218.21 > 124.30.42.36 > > -for community. > > -BG > > ________________________________ > ~~Kalyan-mastu~~ -- / Raimo Niskanen, Erlang/OTP, Ericsson AB
