On Wed, 06 Nov 2024 22:40:08 +0000 Matt Palmer mpalmer@hezmatt.org allegedly wrote:
> Egress rules won't help, because the traffic never hits your server -- the source IP address is spoofed as yours, but the packets are injected into the Internet from another location entirely.
But they will allow you to prove to yourself, and your ISP, that the spoofed packets CANNOT have come from your address.
I now have such egress iptables rules on my node blocking all access to:
202.91.160.0/24 202.91.161.0/24 202.91.162.0/24 202.91.163.0/24
And as further proof (if any were needed) that watchdogcyberdefense.com is run by bozos, one of their "abuse" reports to Hetzner reportedly shows a “log entry” which reported attacks from my IP address to the RFC 1918 address 192.168.200.216. That address, like all such 192.168/16 prefix addresses, is not even routable across the internet.
Mick
---------------------------------------------------------------------
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
blog: baldric.net
---------------------------------------------------------------------
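
One way to triage an abuse report along the lines argued in the message above, as an added example that is not part of the original e-mail: each reported line is checked for a destination that is not globally routable (such as the RFC 1918 address mentioned) or that falls inside the four egress-blocked prefixes. The log layout, the sample lines and the node address `198.51.100.7` are constructed assumptions.

```python
import ipaddress
import re

# Prefixes the message says are blocked by egress iptables rules on the node.
EGRESS_BLOCKED = [ipaddress.ip_network(n) for n in (
    "202.91.160.0/24", "202.91.161.0/24", "202.91.162.0/24", "202.91.163.0/24")]

# Assumed (constructed) report layout: "<timestamp> SRC=<ip> DST=<ip> DPT=<port>"
LINE_RE = re.compile(r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)")

def classify(line, my_ip):
    """Return a verdict for one reported log line that claims traffic from my_ip."""
    m = LINE_RE.search(line)
    if not m:
        return "unparsed"
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:
        return "unparsed"
    if src != ipaddress.ip_address(my_ip):
        return "not-my-address"
    if not dst.is_global:
        # Private, loopback, link-local etc.: cannot be reached across the Internet.
        return "unroutable-destination"
    if any(dst in net for net in EGRESS_BLOCKED):
        # The node's own egress rules drop this, so it did not originate there.
        return "egress-blocked-destination"
    return "needs-review"

def triage(report_lines, my_ip):
    """Pair every reported line with its verdict."""
    return [(line, classify(line, my_ip)) for line in report_lines]

# Constructed sample report; none of these lines come from a real abuse report.
SAMPLE_REPORT = [
    "2024-11-06T10:00:01Z SRC=198.51.100.7 DST=192.168.200.216 DPT=22",
    "2024-11-06T10:00:02Z SRC=198.51.100.7 DST=202.91.162.14 DPT=22",
    "2024-11-06T10:00:03Z SRC=198.51.100.7 DST=1.1.1.1 DPT=22",
    "malformed entry",
]

if __name__ == "__main__":
    for line, verdict in triage(SAMPLE_REPORT, "198.51.100.7"):
        print(f"{verdict:28} {line}")
```
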