Attack on port - block using iptables/apf

Looks like someone is running an attack on SMTP on one IP on my server:

I'm using APF, but I can't seem to block access to DEST.IP.ON.SERVER:25. The user is fine with using port 26 for SMTP; he's the only one on that IP.

I can't seem to block it through the deny file with the syntax "d=25:d=DEST.IP.ON.SERVER". That creates the following rule which should work, but doesn't:

DROP tcp -- 0.0.0.0/0 DEST.IP.ON.SERVER tcp dpt:25
DROP udp -- 0.0.0.0/0 DEST.IP.ON.SERVER udp dpt:25
Is there any way that I can close port 25 on that IP, or tell smtp to stop listening on that port? This is a cPanel server.

- Matt
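Added example, not from the post or from APF: a small shell script that counts the ESTABLISHED sessions to one server IP on port 25 per remote peer from netstat output, and prints the iptables commands that close the port ahead of any earlier ACCEPT in the INPUT chain (the usual reason an appended DROP like the one above never matches). It assumes a Linux host with iptables and conntrack-tools; 192.0.2.10 and the peer addresses are constructed documentation values standing in for DEST.IP.ON.SERVER.

```shell
#!/bin/sh
# Added example (not from the original post or from APF).
# APF appends its deny rules, so an ACCEPT placed earlier in INPUT (for port
# 25 itself, or for ESTABLISHED,RELATED state) matches first and the DROP is
# never reached. "-I INPUT 1" puts the DROP at the top of the chain instead.
# Assumes Linux with iptables; the flush step assumes conntrack-tools.

# Print "<sessions> <peer ip>", busiest peer first, for "netstat -nt" lines
# read from stdin. Columns: proto recv-q send-q local foreign state.
smtp_sessions_by_peer() {
    awk -v dst="$1:25" '
        $1 == "tcp" && $4 == dst && $6 == "ESTABLISHED" {
            split($5, peer, ":"); n[peer[1]]++
        }
        END { for (p in n) print n[p], p }' | sort -rn
}

# Print (do not run) the commands that close TCP/25 on one server IP.
block_smtp_rules() {
    dest_ip="$1"
    # Position 1 of INPUT: evaluated before anything APF or cPanel installed.
    printf 'iptables -I INPUT 1 -p tcp -d %s --dport 25 -j DROP\n' "$dest_ip"
    # The DROP stops packets, but conntrack still remembers the old sessions;
    # delete those entries so the peers time out instead of sitting idle.
    printf 'conntrack -D -p tcp --dport 25 --dst %s\n' "$dest_ip"
    # Note: APF rebuilds its chains on restart, so the rule also has to go
    # into APF's own custom-rules file to survive an "apf -r".
}

# Constructed sample in the post's netstat format (RFC 5737 documentation
# addresses, not real peers); 192.0.2.10 stands in for DEST.IP.ON.SERVER.
SAMPLE_NETSTAT='tcp 0 0 192.0.2.10:25 198.51.100.7:4219 ESTABLISHED
tcp 0 0 192.0.2.10:25 203.0.113.9:3602 ESTABLISHED
tcp 0 56 192.0.2.10:25 198.51.100.7:1328 ESTABLISHED
tcp 0 0 192.0.2.10:25 203.0.113.44:2276 TIME_WAIT
tcp 0 0 192.0.2.11:25 203.0.113.50:2277 ESTABLISHED'

# Review the output first; on the real box feed "netstat -nt" into the
# counter and pipe the rules into "sh" as root once they look right.
printf '%s\n' "$SAMPLE_NETSTAT" | smtp_sessions_by_peer 192.0.2.10
block_smtp_rules 192.0.2.10
```

If the firewall route keeps colliding with APF's rule ordering, Exim's `local_interfaces` option restricts which addresses the daemon binds, so port 25 on that IP simply has no listener.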
