Hi,

For some time now, I have had a great deal of traffic caused by some
virus-infected workstations inside the network.

000336 00:11:5b:15:d5:1c > 00:01:29:42:82:83, ethertype IPv4 (0x0800),
length 62: IP 192.168.1.94.1212 > 192.168.129.46.1433: S
3672958875:3672958875(0) win 65535 <mss 1460,nop,nop,sackOK>
000002 00:11:5b:15:d5:1c > 00:01:29:42:82:83, ethertype IPv4 (0x0800),
length 62: IP 192.168.1.94.1215 > 192.168.49.146.1433: S
3673141419:3673141419(0) win 65535 <mss 1460,nop,nop,sackOK>
000015 00:11:5b:15:d5:1c > 00:01:29:42:82:83, ethertype IPv4 (0x0800),
length 62: IP 192.168.1.94.1216 > 192.168.147.210.1433: S
3672737493:3672737493(0) win 65535 <mss 1460,nop,nop,sackOK>
000000 00:11:5b:15:d5:1c > 00:01:29:42:82:83, ethertype IPv4 (0x0800),
length 62: IP 192.168.1.94.1213 > 192.168.129.7.1433: S
3673022467:3673022467(0) win 65535 <mss 1460,nop,nop,sackOK>
000006 00:11:5b:15:d5:1c > 00:01:29:42:82:83, ethertype IPv4 (0x0800),
length 62: IP 192.168.1.94.1209 > 192.168.217.132.1433: S
3672790195:3672790195(0) win 65535 <mss 1460,nop,nop,sackOK>
000005 00:11:5b:15:d5:1c > 00:01:29:42:82:83, ethertype IPv4 (0x0800),
length 62: IP 192.168.1.94.1210 > 192.168.166.180.1433: S
3672848091:3672848091(0) win 65535 <mss 1460,nop,nop,sackOK>
000015 00:11:5b:15:d5:1c > 00:01:29:42:82:83, ethertype IPv4 (0x0800),
length 62: IP 192.168.1.94.1214 > 192.168.10.204.1433: S
3673087618:3673087618(0) win 65535 <mss 1460,nop,nop,sackOK>
000006 00:11:5b:15:d5:1c > 00:01:29:42:82:83, ethertype IPv4 (0x0800),
length 62: IP 192.168.1.94.1211 > 192.168.117.138.1433: S
3672900428:3672900428(0) win 65535 <mss 1460,nop,nop,sackOK>
-1. 999974 00:11:5b:15:d5:1c > 00:01:29:42:82:83, ethertype IPv4
(0x0800), length 62: IP 192.168.1.94.1243 > 192.168.132.40.1433: S
3675181497:3675181497(0) win 65535 <mss 1460,nop,nop,sackOK>
000001 00:e0:4c:c5:4b:4c > 00:01:29:42:82:83, ethertype IPv4 (0x0800),
length 62: IP 192.168.0.21.4703 > 192.168.251.145.1433: S
1014299775:1014299775(0) win 16384 <mss 1460,nop,nop,sackOK>
-1. 999973 00:e0:4c:bb:04:2e > 00:01:29:42:82:83, ethertype IPv4
(0x0800), length 62: IP 192.168.0.120.4457 > 192.168.34.131.1433: S
180668036:180668036(0) win 65535 <mss 1460,nop,nop,sackOK>
-1. 999956 00:e0:4c:bb:04:2e > 00:01:29:42:82:83, ethertype IPv4
(0x0800), length 62: IP 192.168.0.120.4458 > 192.168.170.234.1433: S
180726246:180726246(0) win 65535 <mss 1460,nop,nop,sackOK>
000063 00:e0:4c:bb:04:2e > 00:01:29:42:82:83, ethertype IPv4 (0x0800),
length 62: IP 192.168.0.120.4459 > 192.168.77.145.1433: S
180776064:180776064(0) win 65535 <mss 1460,nop,nop,sackOK>
000001 00:e0:4c:bb:04:2e > 00:01:29:42:82:83, ethertype IPv4 (0x0800),
length 62: IP 192.168.0.120.4460 > 192.168.143.223.1433: S
180819185:180819185(0) win 65535 <mss 1460,nop,nop,sackOK>
000001 00:e0:4c:bb:04:2e > 00:01:29:42:82:83, ethertype IPv4 (0x0800),
length 62: IP 192.168.0.120.4461 > 192.168.68.44.1433: S
180873534:180873534(0) win 65535 <mss 1460,nop,nop,sackOK>
000009 00:e0:4c:bb:04:2e > 00:01:29:42:82:83, ethertype IPv4 (0x0800),
length 62: IP 192.168.0.120.4462 > 192.168.148.45.1433: S
180932630:180932630(0) win 65535 <mss 1460,nop,nop,sackOK>
-1. 999954 00:11:5b:15:d5:1c > 00:01:29:42:82:83, ethertype IPv4
(0x0800), length 62: IP 192.168.1.94.1223 > 192.168.46.110.1433: S
3673510955:3673510955(0) win 65535 <mss 1460,nop,nop,sackOK>

How can I stop the traffic that is destined for port 1433 on any IP
on the internet? I tried this:
iptables -A INPUT -i eth0 -p tcp --dport 1433 -j DROP
iptables -A OUTPUT -o eth0 -p tcp --dport 1433 -j DROP

but it had no effect.

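Added example, not part of the original post: on a Linux gateway, INPUT and OUTPUT match only packets addressed to or generated by the gateway itself, while packets routed between interfaces traverse FORWARD. The script below assumes the host running iptables is the gateway that routes the traffic in the capture; the chain name MSSQL_SCAN, the log prefix and the IPT dry-run variable are illustrative choices.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: this host routes the LAN traffic seen in the capture, so the
# SYN packets to port 1433 traverse FORWARD, not INPUT or OUTPUT.
# Usage (as root):  sh block1433.sh apply
# Dry run:          IPT="echo iptables" sh block1433.sh apply

IPT="${IPT:-iptables}"   # IPT="echo iptables" prints the commands instead
PORT=1433                # destination port from the capture in the post
CHAIN=MSSQL_SCAN         # hypothetical name for a dedicated chain

block_forwarded_port() {
    # Dedicated chain: create it, or flush it if it already exists.
    $IPT -N "$CHAIN" 2>/dev/null || $IPT -F "$CHAIN"

    # Log a rate-limited sample so the infected stations can be read from
    # the kernel log (SRC= field) without the scan flooding syslog.
    $IPT -A "$CHAIN" -m limit --limit 6/min --limit-burst 10 \
         -j LOG --log-prefix "mssql-scan: "
    $IPT -A "$CHAIN" -j DROP

    # Remove an earlier copy of the jump, if any, then insert it at the top
    # of FORWARD so no earlier ACCEPT rule lets these packets through.
    $IPT -D FORWARD -p tcp --dport "$PORT" -j "$CHAIN" 2>/dev/null || true
    $IPT -I FORWARD 1 -p tcp --dport "$PORT" -j "$CHAIN"
}

# Only touch the firewall when explicitly asked to.
if [ "${1:-}" = "apply" ]; then
    block_forwarded_port
fi
```
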