Re: IPSEC not blocking specific IP address per Ethereal

From: Alfredo (alfredo_at_KILL_SPAM_megapath.net)
Date: 04/19/05


Date: Tue, 19 Apr 2005 16:51:19 GMT


"T. Sean Weintz" <strap@hanh-ct.org> sez :

>Alfredo wrote:
>> it could be that ethereal is
>> capturing the packets before IPSEC gets to block them
>Yup. That is what's happening.

Wait, that can't be it, because there's also the case of the flooding
spammer trying to relay through me.

I placed his IP on the same "block" list, and yet my SMTP inlog still
shows his flood of email attempts *after* I put him on the IPSEC block
list exactly like I did with the worm above. His packets are still
getting through. This is an IPSEC issue.

Can anyone see what I have done wrong in my IPSEC policy? I am getting
overwhelmed with worms and spammers doing what amounts to a DOS attack
on my server and I would like to stop them.