Per Jessen wrote:
Togan Muftuoglu wrote:
On 04/04/2013 02:19 PM, Marcus Meissner wrote:
On Thu, Apr 04, 2013 at 02:10:58PM +0200, Togan Muftuoglu wrote:
Hi Per,
On 04/04/2013 01:41 PM, Per Jessen wrote:
There is the first drop...
I guess dropping was not the issue but keeping the dropped attacker for a long time in hold was the issue for me
Togan
Here is what I used to have:
## SIP flood protection
$IPTABLES -A INPUT -i $EXTERNALIF -p udp --dport 5060 -m recent --name sipattack --set
$IPTABLES -A INPUT -i $EXTERNALIF -p udp --dport 5060 -m recent --name sipattack --update --seconds 60 --hitcount 6 -j LOG --log-prefix 'SIP attack: '
$IPTABLES -A INPUT -i $EXTERNALIF -p udp --dport 5060 -m recent --name sipattack --update --seconds 60 --hitcount 6 -j DROP
Update - the above does in fact work, it was triggered quite a few times last night. However, as I said yesterday, I don't currently have any external SIP users, but I'm pretty certain the above also gave legitimate users a problem.

-- 
Per Jessen, Zürich (3.4°C)
http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
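The following is an added example, not part of the thread: a simplified Python model of how the three `recent` rules quoted above treat one source address, covering both the long hold on a dropped sender and the low threshold for any client. It assumes, as the iptables man page describes, that `--update` refreshes the entry only when the rule matches, and the default of 20 remembered timestamps per address; the source address, packet timings and the final accept are constructed.

```python
from collections import defaultdict

MAX_STAMPS = 20  # xt_recent default ip_pkt_list_tot (timestamps kept per address)


class RecentList:
    """Simplified model of '-m recent --name sipattack' for the three rules."""

    def __init__(self, seconds=60, hitcount=6):
        self.seconds, self.hitcount = seconds, hitcount
        self.stamps = defaultdict(list)

    def _touch(self, src, now):
        s = self.stamps[src]
        s.append(now)
        del s[:-MAX_STAMPS]  # oldest timestamps fall off the list

    def _update(self, src, now):
        # --update --seconds N --hitcount H: match if >= H stamps lie in the
        # last N seconds; assumption (man page): refresh only on a match.
        hits = sum(1 for t in self.stamps[src] if now - t <= self.seconds)
        if hits >= self.hitcount:
            self._touch(src, now)
            return True
        return False

    def packet(self, src, now):
        """Pass one UDP/5060 packet through the three rules, in order."""
        self._touch(src, now)        # rule 1: --set
        self._update(src, now)       # rule 2: --update ... -j LOG
        if self._update(src, now):   # rule 3: --update ... -j DROP
            return "DROP"
        return "ACCEPT"              # assumed: a later rule accepts SIP


def verdicts(times, rl=None, src="198.51.100.7"):  # constructed address
    rl = RecentList() if rl is None else rl
    return [rl.packet(src, t) for t in times]


if __name__ == "__main__":
    burst = range(0, 50, 5)          # constructed: one packet every 5 s
    rl = RecentList()
    print("burst:       ", verdicts(burst, rl))
    print("30 s retries:", verdicts([75, 105, 135, 165], rl))
    rl2 = RecentList()
    verdicts(burst, rl2)
    print("65 s silence:", verdicts([110], rl2))
```

In this model the sixth packet inside a minute is dropped, and a blocked source that retries only every 30 seconds stays blocked, because each dropped packet writes fresh timestamps through the `--set` rule and both `--update` rules.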