2/22/02 10:58:34 AM, "Oliver Krapp - etracker.de" <oliver.krapp@etracker.de> wrote:
Hi, for a few days there has been a lot of incoming traffic (~100 kbit/sec) from a specific host to my server. I noticed this first on my mrtg graph, then in detail with ntop.
I want to block the IP with the following iptables commands:
iptables -A OUTPUT -j DROP -d xxx.xxx.xxx.xxx
iptables -A OUTPUT -j DROP -s xxx.xxx.xxx.xxx
iptables -A INPUT -j DROP -d xxx.xxx.xxx.xxx
iptables -A INPUT -j DROP -s xxx.xxx.xxx.xxx
If you use SNAT or DNAT and that IP is matched by an SNAT or DNAT rule then the INPUT and OUTPUT chains are not used. Instead use the FORWARD chain.
A further look with iptables -L INPUT -vn (or OUTPUT) shows that there are no packets dropped.
The webmaster of the IP tells me that there is no traffic from this host to mine. So I think that the packets are forged.
Any ideas/help what I can do against this attack?
Thanks Oliver Krapp
-----------------------------------------------< etracker.de e.K. - Schopstraße 16 - 20255 Hamburg
http://www.etracker.de we're counting on you!
EMail: oliver.krapp@etracker.de Tel: +49-40-43180803 Mobil: +49-179-4896999
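The counter check discussed in the thread (reading iptables -L -vn chain by chain), as an added example that is not part of the original messages: it reports, for INPUT, OUTPUT and FORWARD, whether a DROP rule for the address exists and how many packets it has matched. The listing is a constructed sample, 192.0.2.10 and 198.51.100.7 are documentation addresses, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iptables -L -vnx` output (-x prints exact counters).
# 192.0.2.10 is a documentation address standing in for the host being blocked.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 48211 packets, 9120334 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DROP       all  --  *      *       0.0.0.0/0            192.0.2.10
       0        0 DROP       all  --  *      *       192.0.2.10           0.0.0.0/0

Chain FORWARD (policy ACCEPT 73120 packets, 41233901 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      57     3420 DROP       all  --  *      *       198.51.100.7         0.0.0.0/0

Chain OUTPUT (policy ACCEPT 51002 packets, 30117455 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 DROP       all  --  *      *       0.0.0.0/0            192.0.2.10
       0        0 DROP       all  --  *      *       192.0.2.10           0.0.0.0/0
EOF
}

# drop_hits CHAIN ADDR: read a listing on stdin and print "<rules> <packets>"
# for the DROP rules in CHAIN whose source or destination equals ADDR.
drop_hits() {
    awk -v chain="$1" -v addr="$2" '
        $1 == "Chain" { current = $2; next }
        current == chain && $3 == "DROP" && ($8 == addr || $9 == addr) {
            rules++; pkts += $1
        }
        END { printf "%d %d\n", rules, pkts }
    '
}

# report ADDR LISTING: one line per chain, so a chain that has no DROP rule
# for ADDR stands out from one whose rule exists but has matched nothing.
report() {
    addr=$1 listing=$2
    for chain in INPUT OUTPUT FORWARD; do
        hits=$(printf '%s\n' "$listing" | drop_hits "$chain" "$addr")
        rules=${hits% *} pkts=${hits#* }
        if [ "$rules" -eq 0 ]; then
            echo "$chain: no DROP rule for $addr"
        else
            echo "$chain: $rules DROP rule(s), $pkts packets dropped"
        fi
    done
}

report 192.0.2.10 "$(sample_listing)"
```

On a live host, pass "$(iptables -L -vnx)" as the second argument instead of the sample.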