Debian :: Iptables Log UDP Flood Under 64 Packages?

Jan 22, 2011

how to do iptables log to file UDP Flood under 64 packages?


Server :: Iptables Configuration For UDP Flood?

Feb 21, 2011

Banning the IP is the best way to protect your server, but of course an attacker can use another IP and use a lot of your bandwidth until you find and ban the IP. So the only thing we can do to prevent this is block the packets by the iptables length module.

I check the bandwidth usage through "iftop". Incoming traffic is always like 120kb/second and that has to be that way because the traffic enters my server no doubt that it gets dropped by iptables later.

What the DDoS (UDP flood) actually does is that it causes outbound traffic that eats up like 5mb/second easily, and my servers lag. Only if the IP is banned does the outbound traffic come to an end.

Now I want to use the length module to block it but it just won't work. I've tried the following and shuffled them too but no help.

Code:
iptables -I INPUT -p udp -m length --length 15 -j DROP
iptables -A INPUT -p udp -m length --length 15 -j DROP

Packet length is 15 according to tcpdump:

Code:
19:49:34.504864 IP fms-02.colt.net.belgamanagement.be.56413 > nyc.v1servers.com.20100: UDP, length 15


Debian Configuration :: Upgrade The Installed Packages From The Packages.debian.org Site?

Jul 22, 2010

I have just installed Debian Lenny and was trying to upgrade the installed packages from the packages.debian.org site. When I asked Synaptic to add the downloaded packages they would not appear, but when I checked the .xsessions file there were entries saying that the packages were being ignored because they were either different versions, the MD5 did not match, or even "can't find pkg". I have to use the local library to download the packages because I don't have an internet connection at home.

[Code]...


Networking :: DNAT IPtables - Default Gateway For Return Packages

Nov 26, 2009

A client uses an ISP with a Linux machine (Server 1) with two network cards: eth0 with IP 1.1.1.2 and gateway 1.1.1.1 (these IPs are not public IPs and fall under the ISP's internal range), and eth1 with the internal IP range. OpenVPN listens on eth0 for incoming connections. We want to connect to Server 1 from external networks. Due to different reasons the ISP could not get the routing sorted and give us a public IP on his network. We had to set up another box (Server 2) with eth0 2.2.2.5 and gateway 2.2.2.1, which are public IPs, and eth1 with IP 3.3.3.5. Server 2 can communicate via the ISP internal network with Server 1. I use DNAT to forward all incoming connections on Server 2 to Server 1, but the problem I have is that server uses its default gateway for the return packages and does not send the reply back to Server 2. My iptables rules look as follows on Server 2.

/usr/sbin/iptables -t nat -A PREROUTING -p udp -i eth0 -d 196.25.157.135 --dport 1194 -j DNAT --to 192.168.100.170:1194
/usr/sbin/iptables -A FORWARD -p udp -i eth0 -d 192.168.100.170 --dport 1194 -j ACCEPT


Networking :: Tcpdump Shows Packages Even IPTables Policy Set To Drop

Feb 19, 2010

I have set the iptables INPUT policy to DROP. As I expected, tcpdump wasn't showing any packages... for a while. Suddenly it began to show UDP syslog packages being sent by a remote host. This conforms with the configuration of syslog, but since the INPUT policy was set to DROP, with no exceptions, it does not conform with the configuration of iptables. Why, after setting the INPUT policy to DROP with no exceptions, are most of the packets received before being dropped and some not, as tcpdump shows?


Ubuntu :: How To Avoid Flood When Using Gparted

May 15, 2010

specs: toshiba lappy
110gb hdd, 1gb ram, core 2 duo 1.6ghz, nvidia 7600
windows xp pro service pack 3
jaunty jackalope

My problem is: I wanted to repartition (shrink XP and create a partition for data storage) my HDD using the GParted live CD 0.5.2-9. Everything went fine until I clicked exit and reboot. After the CD tray automatically ejected I got a flood of "VFS: busy inodes on changed media or resized disk srO". This doesn't stop until I press Enter. After that it reboots normally and there is no problem with the OS.

My questions: 1) Is that flood anything bad, and is there a way to avoid it? I read somewhere that the problem is solved when using the terminal: sudo eject, then push back the CD tray, then sudo eject -t. I tried that but it said it failed because the GParted CD is in use.

2) The first time that happened I didn't know what to do, so it flooded for like 15 min or more until I pressed Enter. My question is whether the flood is being saved anywhere on the PC so that I have to delete it?

And a question regarding the extended partition: 3) I have 50gb left that I want to use for data storage. I read that you can only have one extended partition. So since there is already one extended partition from Ubuntu, I can't have another one for Windows? So I can only make the data partition as primary, or is there another reason why "create extended partition" is greyed out?

Last question: 4) When I set up the partition for swap I made it 1032gb big but in GParted it shows 980.53mb. Is that still enough, and why is it like that? Somehow the sizes of the partitions seem a bit different from how they originally should be. I'm actually used to seeing the size shrink a bit, but I found it weird that the Ubuntu partition shows 4.76 when it should be 4.5gb. I know it's not much different but I'm just curious to know why.

partitions order: windows - unallocated (-->data partition) - ubuntu (primary) - home folder (extended) - swap

In Windows the partitions are shown as: Windows XP (31,74gb) - unallocated (50,05gb) - 4,76gb unknown - 24,27gb unknown - 981mb unknown

In GParted it's almost the same; the only difference is that there is unallocated space (7 or 8mb) between the home folder and swap.


Ubuntu Networking :: Generate Syn Flood Attack In Pc?

Aug 3, 2011

I want to test a SYN flood attack on my PC, but I don't know how to generate it. Can you tell me how to generate a SYN flood attack on a PC?


Security :: IRC Flood/DDoS Cause A Computer To Freeze?

Nov 10, 2010

My computer froze solid, and it would not react to anything. X didn't react to Ctrl+Alt+Backspace, nor to Ctrl+Alt+Del, so I had to turn it off using the power button.

This is the first time my computer freezes like this, the log files did not reveal any HW errors. Is it possible that someone in the channel did not like my level of Java skill, and flooded me to disconnect?

By the way, I'm using Slackware 13.1 with the default kernel (2.6.33.4) and irssi as IRC client.

I know that if you eg. ICMP-flood someone, the traffic will be denied and, but can it provoke other behavior from the computer?

So my question is: can an IRC flood/DDoS attack cause a computer to freeze sub zero?


Debian :: Difference In Operation / Function Between Their Packages And The Packages Download On Virtualbox.org Website?

Feb 22, 2010

On Debian repo I found virtualbox-ose packages there. What will be the difference in operation/function between their packages and the packages download on virtualbox.org website?


Debian :: Installing I386 Packages Prompts Removal Of Amd64 Packages

Apr 8, 2015

I am working on a project which targets both 32 and 64 bit architectures at the moment. My system is amd64. I added i386 architecture using this guide. However, my problem is

Code:
apt-get install package-name:i386

prompts the removal of currently installed packages (amd64 arch.) which is the problem.

Code:
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  libportaudio0:i386

[Code] ...

Some of the packages I am talking about are

-libegl1-mesa-dev:i386
-libportaudio-dev:i386

Now, as of now, I want to carry out the compilation using 32 bit libraries, however, I really don't want to install 64bit version of all prerequisites each time I switch the compilation from 32 bit to 64. Is there any way to have both architectures at the same time?


Ubuntu :: Hyper Transport Sync Flood Error?

Oct 11, 2010

Trying to install 10.10 netbook edition on my MSI U230 netbook from a USB drive. Keep getting the error "hyper transport sync flood error occurred on last boot" Press F1 to Resume. F1 causes just a reboot and the same thing happens. Anyone seen this error? It happens with both the netbook and desktop version.


Networking :: System / Script To Detect Outgoing DOS Flood?

Oct 16, 2010

I run a CentOS server that quite a few people have access to. I trust every user on the system, but I've had problems before, like one user's account getting hacked and someone starting to use my box to DDoS. Each user has their own IP. I would like to write a script or use an existing solution (if one exists) to monitor the number of TCP/UDP connections each minute and see if it's unusually high. I don't want it to stop the flooding or anything, I just want to be notified by email or something.


Networking :: Suitable Limit Rates For SYN, LOG & Ping Flood Prevention?

Jun 26, 2011

One thing I'm not quite certain about is suitable limit rates for SYN, LOG & ping flood prevention. I suppose it depends a bit on traffic, as well as bandwidth. However, I don't want to limit the former. FWIW, I expect about as much traffic as a country road in the middle of nowhere, and my bandwidth for requests is 15 Mbps (Don't laugh. Content delivery is a pathetic 2 Mbps. That's a residential cable connection for ya...) Of all the tutorials/examples, I chose to go with Rusty Russell's limits, though they're dated 2002. Thus an excerpt of my firewall "script":

Code:
#!/bin/sh
# Saved in /etc/init.d, runlevels 2 3 4 5

[code]...


Debian :: Debian Lenny Iptables Does Not Logs

Mar 29, 2011

I have a problem with logging: iptables actually logs data, but it seems that for some reason it does not write to a log file:

Code:
iptables -L -v
Chain INPUT (policy ACCEPT 406 packets, 124K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any xxxxxxxxxxx anywhere tcp dpt:xxxx

[Code]....

I checked /var/log/message and /var/log/syslog; nothing here is related to iptables. Then I created a separate file for iptables by adding this: kern.warning /var/log/iptables.log in my rsyslog.conf. It does create the iptables.log file inside /var/ but it's still empty.


Fedora Servers :: Unable To Restore My Iptables From Iptables-save After Upgrading

Nov 26, 2010

I am unable to restore my iptables from iptables-save after upgrading Fedora. I cannot get iptables-restore to work, and I have resorted to entering rules manually using the GUI.


General :: When Restart The Iptables Service Then The Firewall Entries Are Again Shown In Iptables?

Sep 17, 2010

I am facing a strange problem with my iptables, as there are some firewall entries stored somewhere which are displaying the below firewall entries even after flushing the iptables, and when I restart the iptables service the firewall entries are again shown in my iptables, as shown below:

[root@myhome ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

[code]....


Debian :: How To Set Iptables With Config

Feb 18, 2015

I'd like to block brute-force attacks from China and Russia against my MySQL, and I want to open MySQL port 3306 for just one type of address from the internet, like this: 212.23.165.xxx, and block 3306 for all others. In my new installation of wheezy I have not configured iptables. What should the iptables config look like, and how do I set iptables with this config?


Debian :: Getting Iptables To Run On Boot?

May 30, 2011

I don't like this [URL] because every time there is a slight change in firewall rules, all that would have to be done again and again.


Ubuntu :: Try `iptables -h' Or 'iptables --help' For More Information - ' Not Found.4.4: Host/network `98.200.58.73

Nov 3, 2010

I recently installed a new Ubuntu PC that runs iptables and PSAD. I had the same script on another Ubuntu PC, but when I copied the script onto the new PC, I got this error. I don't remember where I found the tutorial for this, all I know is that this is the script (Edited for my usage):

Code:

#!/bin/bash
# Script to check important ports on remote webserver
# Copyright (c) 2009 blogama.org
# This script is licensed under GNU GPL version 2.0 or above

[code]....

Safe.txt contains:

Code:

127.0.0.1
192.168.1.8
192.168.1.1
98.200.58.73
192.168.0.1

And the error message generated is:

Code:

root@NETWORK-SERVER:/var/ddosprotect# ./ipblock.sh
' not found.4.4: host/network `127.0.0.1
Try `iptables -h' or 'iptables --help' for more information.
' not found.4.4: host/network `192.168.1.8

[code]....


Fedora :: IPtables Creates An Error During Startup - Applying Firewall Rules: Iptables-restore: Line 21 Failed

Jul 17, 2010

IPtables creates an error during startup as well as when I try to restart it: Here's the output of:

[Code]....


Debian :: Debian Disobeying Instruction - Ignore Command And Fetched Packages

Jul 19, 2011

Upon installing Debian, it asked me if it can use a mirror to get updated packages. I said no, yet it ignored my command and fetched packages. Why did Debian disobey me?


Debian :: Iptables Cannot Save The Configuration?

Apr 28, 2011

I am configuring the iptables in Debian squeeze and then running: iptables-save


Debian Configuration :: Bad Argument '#' In Iptables

Jul 11, 2011

I followed these instructions, but after iptables-restore < /etc/iptables.test.rules I see this error:

Code:
# iptables-restore < /etc/iptables.test.rules
Bad argument `#'
Error occurred at line: 3
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Line 3 is the same as in the link:

Code:
# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0


Ubuntu Servers :: Setup Iptables Rules In /etc/if-up.d/iptables?

Apr 16, 2011

I am running Ubuntu server 10.10 and trying to set up iptables rules in /etc/if-up.d/iptables

Quote:
root@host# cat /etc/network/if-up.d/iptables
#!/bin/sh -e
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Problem is that iptables doesn't get updated and I don't see them when iptables -L is executed after reboot.


CentOS 5 :: Custom Iptables: Remove The Existing Iptables First?

Apr 28, 2009

To expand: I'm trying to set up a box with l7-filter, and I need to patch and compile iptables 1.4.1.1 as part of the process. I ./configured it with the prefix= argument so it would install into /sbin instead of /usr/sbin, and I did a yum remove iptables before installing it so as not to get in the way of the original iptables, but I'm wondering if this is really necessary - it's kind of annoying, because removing the original iptables removes the init.d script, deregisters the service, etc. If I don't, is it possible that iptables 1.4.1.1 might get overwritten in a system update or something, or will yum see that I've got a custom/newer version in there and leave it be?


Debian Installation :: Install All 20,000 Packages Of Debian 5.0.4 9n-newbie?

May 17, 2010

After installing Debian 5.0.4 basic from the first DVD, I extracted all the other DVD images to hard disk and pointed /etc/apt/sources.list to all these directories.
After refreshing using Synaptic package manager, I got a list of all 20,000+ packages, and did an
"apt-get -y install ......(all 20,000 names)". It failed due to some conflicts. So I used the "--force-yes -f" option as well.

It went on for nearly two days to install everything. (In between, due to a power failure, something was done halfway, and I was able to log in to the KDE boot option and see lots of software installed.)
After the complete install, it shows a startup screen of Debian Edu, but fails to boot up.

Is there a way to install all softwares + all XWindow systems simultaneously?


Debian :: Iptables - Netfilter Queue Handling

Jul 17, 2015

I have created an nfq handler via nfq_open() and am using the returned qhandle to bind my application program to a specific queue number that is configured in iptables. When I invoke nfq_create_queue(), my program is stuck there and the backtrace shows it is blocked in recvfrom().

bt

in recvfrom () from /lib/x86_64-linux-gnu/libpthread.so.0
in nfnl_recv () from /usr/lib/libnfnetlink.so.0
in nfnl_catch () from /usr/lib/libnfnetlink.so.0


Debian Installation :: How To Install Netfilter / Iptables

Apr 5, 2011

How to install netfilter/iptables ? debian6


Debian Configuration :: Iptables Forwarding For Tomcat?

Nov 10, 2010

I've been trying to forward some ports using iptables for some time now, but still haven't figured out how to get it to work. What I'm trying to accomplish is to forward all traffic from port 80 to port 8080, and all traffic from port 443 to port 8443, because I would like to run Tomcat as a non-root user, and the original ports can only be used as root. I've currently set up my iptables like this:

# Generated by iptables-save v1.4.2 on Wed Nov 10 16:44:45 2010
*nat
:PREROUTING ACCEPT [39350:6120333]

[code].....


Debian Configuration :: Iptables Blocks FTP Connections

Jul 8, 2011

For some reason my FTP packets are blocked by iptables even though I thought I allowed them through

My syslog errors are along this line:

And my iptables ruleset:








Copyrights 2005-15 www.BigResource.com, All rights reserved