Re: directpc.com question... (deals with pf... )

On Wed, Dec 18, 2002 at 08:09:15PM -0600, Shawn Mitchell wrote:
> That's why I'm blocking those Winblows ports...    I know what they are..
> but it's just the pure number of full network scans attempted.
well, that's what worms do.  i can't say i'm surprised.
> I'm not talking about their website IP Address...   your correct in that
> they have a modem for upstream, and that dish for downstream.
i'm not talking about their website ip address either...
> If a packet with a source address that is not one of my IP Addresses or on
> RFC1918 tries to leave my internet interface... it's killed...  I do that on
> purpose as I don't want broadband users having their machines turned to
> zombies, or their 12 year old kid finding a "cool" script.
uh.  how does this tie in with direcpc users?  are direcpc users using
your dial-up service for their upstream?
> Their site say's Earthlink... but they say their an Ecorp company or
> something...
ecorp could be earthlink corporation...
> What happens if they are using RFC1918 addresses?  I've been seeing a LOT of
> 10 dot traffic trying to exit... and also hit my DNS servers.
they should be using direcpc's dial-up service, not yours.
> If their using 10 dot addresses (which is stupid), I'm ok with allowing
> it... IF I know all the places that it's suppose to goto.
uh. how is it supposed to get delivered? most places drop packets
destined for private networks.
> It just pisses me off when you spend an hour on their tech support line, and
> they say "We can't give you those addresses for security reasons"  I'm just
> like.. ok.. my network.. I see all the traffic anyway...   After that, he
> kept telling me that "No, we're not blocking anything"  me: "No, I need to
> know your IP Address's Blocks.  They'll be something like a or
> something like that"   him:  "No, we're not blocking any ip addresses"
if you see all the traffic, then do a lookup on arin.net to find the
blocks allocated to them..?
- jolan