Mailinglist Archive: opensuse-security (359 mails)

< Previous Next >
Fwd: [suse-security] Im under DoS attack!
  • From: Marcos Rojas <marcos1948@xxxxxxxxxxxx>
  • Date: Fri, 11 Jul 2003 18:51:10 -0300 (ART)
  • Message-id: <20030711215110.54902.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
What do you think about this rule?

iptables -I INPUT -s <IP_HOSTIL> -j DROP



Marcos Rojas <marcos1948@xxxxxxxxxxxx> wrote: Fecha: Fri, 11 Jul 2003 18:35:32 -0300 (ART)
De: Marcos Rojas
A: suse-security@xxxxxxxx
Asunto: [suse-security] I´m under DoS attack!

Do someone know how can i protect my Server, Iptables rules, Susefirewall?

Now are only 3 IPs sources where the attack comes from (is a small one) ...

Should I filter the Ips with Iptables?

Example - apache-error-log:

[Fri Jul 11 15:27:10 2003] [error] [client xxx.xxx.xxx.xxx] request failed: erroneous characters after protocol string:
\t\x97\xf2|\xfbS?Xdm8\xd4\xfa\xca\x03\x11\xb1\xa1\xc8\"\x99\xd2\xb7\t\x04zN\xe1\xe7\xc4\xd4^\x83\x02*sD\xfb\xc2R\xe8\x87\xef\x99\xe5Za\xca\x06\x1e\xe8\x16\xd5\xa9#F\xe3\xe4\x7fD\xeb\x02\xc3\xe4\x01\x1b\xb1\xb0\x1b\x96%\xe6\x0cM\xa4\xc0\xb5\xeb8\xf7z\x99z\x8a\xf2\xda\xef\xbc\xe4\xb4\x99\\p\x11\xc6I\x89e-5\xab\x90\x12\x86Fe\xd7B2\x80+\x9fS\xb0\x1d{\xe0\xe1==x\xca\xbaeb\x1d\xc7g\x19\x01D\xba\b\xc1\x9b,\x92\xc5\xe7xU\xc2\\\x1b\xb0/\xe3b\x82\xf8\x05\xc75\x1f\xa0\xd2M\x1a\xab\xfe\x1c\xf4\x8bO\x9ae\xae\xc8\xcb: xfe

[Fri Jul 11 16:13:03 2003] [error] [client xxx.xxx.xxx.xxx] Invalid URI in request É#26;?¹">¦ñ©æt¨bf8Ó¿óÝ@©êNNËH¤ A$>É?¹

[Fri Jul 11 16:13:09 2003] [error] [client xxx.xxx.xxx.xxx] Invalid URI in request hInW‚|ÿ ègOž


[Fri Jul 11 16:13:18 2003] [error] [client xxx.xxx.xxx.xxx] request failed: erroneous characters after protocol string: \xbe\xb6\x18\xc4>\x81\x18\xe4\xc1\x8ei\xc2\xe9\x0cT\x1c\xd3\xaf\x85t?JXQ\xf0\xa0S\xa6Ww\xf3\x93k\xef\xacL\xdb\x13+Vg\xac\xde\xf8\x8b]\xb6\xf0_\xec,\xbb\x11\xb4\x0c\xb1g?\xfdb\b\x8f\xbdQ\xee\xf9\\\x1d\xd6\xa4v\xbce\xea\v\t\xa4\x02\x8a|\xb2\xdb/9\xbaK\x8fM#ir4\x067\xe0\x9e\xe4\x84~r\x98\x11\xb8\xf4\x19\xcbBg\xd3\xaa\xc3\xcf\x15\xb7h\xb9\t\xfe^\xad\xe8k8\x05z9\x91\xfa\xd6\xa8\xf1\x05o\xf7\xf5dQ\x91\xab\xfa\xa7\x82<]\x81/\xcd+\xd4C\xa6\x9c\xc2E\xc2\xec\xb7\xee/\xb0\x94
\x89\x1a.\x13\xb1\xdcw\xbfRC\xa3[]\xcf;\x1e\xb5\"nH-\x1b\xa8e\xafBg\xd0\xbdgIw\x1e\x86i\xde\xd1\xee\xebhF\xa2B\x1b\x96\xc1Yz\xccj\xc4Jh\xb2\xcf\xb8\xb1\\\x8a\xa4\xdaXn\xb0\xcc~C\x97'\x82A\xc0\x83%u\x14\xfa\xa8f\x0c\xeb\x86\xf8\x0e\xf9c\x92\xf9T?|\xfe:O\x1f\xad;R{\xa8W\x17'\xf7\xb3bd#\xc9\x97\x98JH}\xfe\x0ceC\x9c\xa7r\xc0v`\xb1\xff\x02&j\xfb\xdbr;\xa7\xb9q\xb02\xa1e\x14\x88YILk\x9b\x11\x8e\xb0\xf1\xe6\xcc\xfb;\xc2F\xa2M\xbe\x03\x9c\x0c\xb7\xb7\xdbtG\xea\xdd\xdf\xf3W\x7f\x85\xa6\x92\x11@_\xee\xaf\x92'\x9e\xce\xe9E\x1a\x15\"\xb3\xc4nKI\xb4\xa4n\xb5\xa0\x8b\xfb\x83\x0f\xfa\xbcS\xaaB\xd2\x8a\xd5\x8d\xcaU\x9b\t-\xea\xe5IR\x12\xf0\xe7v\xe3\xfeo\x0e\xd2Lx\\\xeaD\x14@W\xf2kQ'\xbc\xa2V\xc5iY\xe6RGs\xc0\x8fm\xa7j\xfa0\x8cv\xecZN\xa8's\xeb\\\xae?\xa3\"\xd9\x88\xa9\xaa\xa8\x1e\x1f\xe7X\x1bBo4k\xe0!\xae\x8c\x13\v\xae\x93S:i_b\\V\xdeK\xa5\xad~\xc0\x8dY\x8d\x9c\x17\xa3





---------------------------------
Internet GRATIS es Yahoo! Conexión.
Usuario: yahoo; contraseña: yahoo
Desde Buenos Aires: 4004-1010
Más ciudades: clic aquí.
< Previous Next >