I'm using DCD. I set it up as a firewall, with IP aliasing on eth0, DMZ
switch=PRIVATE on eth2 and internal network on eth1 (thanks to Bela, Charles
and Ray).
I've got tons of logs of hits on port 53 like the following examples:
Feb 14 06:42:04 firewall syslogd 1.3-3#31.slink1: restart.
Feb 14 07:31:08 firewall kernel: Packet log: input DENY eth0 PROTO=6
167.216.144.43:53 202.149.81.55:53 L=44 S=0x00 I=0 F=0x0000 T=239 (#48)
Feb 14 07:31:08 firewall kernel: Packet log: input DENY eth0 PROTO=6
167.216.144.43:53 202.149.81.55:53 L=44 S=0x00 I=0 F=0x0000 T=239 (#48)
Feb 14 07:31:08 firewall kernel: Packet log: input DENY eth0 PROTO=6
167.216.248.60:53 202.149.81.55:53 L=44 S=0x00 I=0 F=0x0000 T=236 (#48)
Feb 14 07:31:08 firewall kernel: Packet log: input DENY eth0 PROTO=6
167.216.248.60:53 202.149.81.55:53 L=44 S=0x00 I=0 F=0x0000 T=236 (#48)
-----snip
I've searched the mailing list archives and found the following extra lines
to add to the ipfilter.conf file:
# New Port 53 filter start
IP_LIST="`cat /etc/dns_floods`"
for IP in $IP_LIST; do
    $IPCH -I input -j DENY -p tcp -s $IP/32 -d $EXTERN_IP/32 53 -i$EXTERN_IF
done; unset IP
# New Port 53 filter end
I've created the */etc/dns_floods* file as instructed in the archive and
also added some more IP#'s and then did *svi network reload*, but those hits
don't seem to stop.
Any idea?
Thanks in advance.
regards,
Gregor
+Gregor Gede W.
+CENTER FOR INFORMATION SYSTEM
+ATMA JAYA YOGYAKARTA UNIVERSITY
[EMAIL PROTECTED]
+62 81 2271 0583
+62 81 7467 518
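
An added example, not part of the original post or of the DCD scripts: a shell helper that tallies the denied TCP port 53 packets in the ipchains "Packet log:" format quoted above and lists which source/destination pairs the inserted rule cannot match. The function names are hypothetical, the sample log is constructed from the quoted entries with each entry joined onto one line, and the list file is assumed to hold whitespace-separated addresses.

```shell
#!/bin/sh
# Added example. SAMPLE_LOG is constructed from the entries quoted in the
# post, each joined onto a single line as syslog writes them.
SAMPLE_LOG='Feb 14 06:42:04 firewall syslogd 1.3-3#31.slink1: restart.
Feb 14 07:31:08 firewall kernel: Packet log: input DENY eth0 PROTO=6 167.216.144.43:53 202.149.81.55:53 L=44 S=0x00 I=0 F=0x0000 T=239 (#48)
Feb 14 07:31:08 firewall kernel: Packet log: input DENY eth0 PROTO=6 167.216.144.43:53 202.149.81.55:53 L=44 S=0x00 I=0 F=0x0000 T=239 (#48)
Feb 14 07:31:08 firewall kernel: Packet log: input DENY eth0 PROTO=6 167.216.248.60:53 202.149.81.55:53 L=44 S=0x00 I=0 F=0x0000 T=236 (#48)
Feb 14 07:31:08 firewall kernel: Packet log: input DENY eth0 PROTO=6 167.216.248.60:53 202.149.81.55:53 L=44 S=0x00 I=0 F=0x0000 T=236 (#48)'

# port53_hits (hypothetical name): read syslog on stdin and print
# "count src dst rule" for every denied TCP packet to destination port 53.
port53_hits() {
    awk '
    /Packet log: input DENY/ {
        for (i = 1; i <= NF; i++) if ($i == "log:") break
        # After "log:": chain target iface PROTO=n src:port dst:port ... (#rule)
        if ($(i + 4) != "PROTO=6") next
        split($(i + 5), s, ":"); split($(i + 6), d, ":")
        if (d[2] != "53") next
        rule = $NF; gsub("[()#]", "", rule)
        n[s[1] " " d[1] " " rule]++
    }
    END { for (k in n) print n[k], k }' | sort -k2,2
}

# not_covered LISTFILE EXTERN_IP (hypothetical name): read syslog on stdin and
# print each logged src/dst pair that a rule of the form
#   -s <listed IP>/32 -d EXTERN_IP/32 53
# cannot match, with the reason.
not_covered() {
    port53_hits | awk -v list="$1" -v ext="$2" '
    BEGIN {
        while ((getline line < list) > 0) {
            c = split(line, a, " ")
            for (j = 1; j <= c; j++) listed[a[j]] = 1
        }
    }
    !($2 in listed) { print $2, $3, "source-not-in-list"; next }
    $3 != ext       { print $2, $3, "dst-is-not-EXTERN_IP" }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | port53_hits
```

The trailing number in each output line is the rule number from the `(#48)` field, so the tally also shows which rule produced the log entry.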