[expert] Problem with Traffic on my Interface
Some days ago, I have an attack over my interface and i don´t know how to stop that. My log is fill with lines like follow; Aug 21 23:08:36 myhostname kernel: Packet log: input DENY eth1 PROTO=17 216.33.240.60:1053 myIP:53 L=59 S=0x00 I=50971 F=0x T=50 (#1) Someone know what can i do??? i'm desesperado. Best regards EPRO
Re: [expert] Problem with Traffic on my Interface
On Tuesday 21 August 2001 10:32 pm, Eduardo P. Román O. escribió: > Some days ago, I have an attack over my interface and i don´t know > how to stop that. Content-Type: multipart/alternative; boundary="=_NextPart_000_0020_01C12A99.9D4285F0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2505. X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2505. Not using M$ and html email would probly be a good start -- Tom Brinkman Galveston Bay Want to buy your Pack or Services from MandrakeSoft? Go to http://.mandrakestore.com
Re: [expert] Problem with Traffic on my Interface
My server is Linux on a Sun Sparc ultra 10, and my mail server is QMAIL. - Original Message - From: "Tom Brinkman" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 22, 2001 12:07 AM Subject: Re: [expert] Problem with Traffic on my Interface > On Tuesday 21 August 2001 10:32 pm, Eduardo P. Román O. escribió: > > Some days ago, I have an attack over my interface and i don´t know > > how to stop that. > > > Content-Type: multipart/alternative; > boundary="=_NextPart_000_0020_01C12A99.9D4285F0" > X-Priority: 3 > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook Express 6.00.2505. > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2505. > > > Not using M$ and html email would probly be a good start > > -- > Tom Brinkman Galveston Bay > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://.mandrakestore.com > Want to buy your Pack or Services from MandrakeSoft? Go to http://.mandrakestore.com
Re: [expert] Problem with Traffic on my Interface
Are you running any time of firewalling? That would just drop packets like this quite easily. I get port scanned all the time, but I've got iptables set up to DENY any packets going to the wrong ports. If you set it up with Bastille-firewall or the firewall configuration thing in DrakConf, you should be able to deal with this problem. It looks like you were just scanned anyway, not actually attacked. Have a nice day. Angus Written by Eduardo P. Román O. ([EMAIL PROTECTED]): > My server is Linux on a Sun Sparc ultra 10, and my mail server is QMAIL. > - Original Message - > From: "Tom Brinkman" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, August 22, 2001 12:07 AM > Subject: Re: [expert] Problem with Traffic on my Interface > > > > On Tuesday 21 August 2001 10:32 pm, Eduardo P. Román O. escribió: > > > Some days ago, I have an attack over my interface and i don´t know > > > how to stop that. > > > > > > Content-Type: multipart/alternative; > > boundary="=_NextPart_000_0020_01C12A99.9D4285F0" > > X-Priority: 3 > > X-MSMail-Priority: Normal > > X-Mailer: Microsoft Outlook Express 6.00.2505. > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2505. > > > > > > Not using M$ and html email would probly be a good start > > > > -- > > Tom Brinkman Galveston Bay > > > > > > > > > > > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://.mandrakestore.com > > > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://.mandrakestore.com -- | Angus Beath | Support Coordinator +61 2 42215600 | | ICQ: 44324120 | [EMAIL PROTECTED] | If you hear someone yell, "Empower THIS!!" try to put some distance between you and whatever happens next. - words from the wise DNRC. Want to buy your Pack or Services from MandrakeSoft? Go to http://.mandrakestore.com
Re: [expert] Problem with Traffic on my Interface
On 22-Aug-2001 Angus Beath wrote: > Are you running any time of firewalling? That would just drop packets like > this quite easily. I get port scanned all the time, > but I've got iptables set up to DENY any packets going to the wrong ports. If > you set it up with Bastille-firewall or the > firewall configuration thing in DrakConf, you should be able to deal with > this problem. It looks like you were just scanned > anyway, not actually attacked. Have a nice day. > > Angus > > It looks to me that he is running a firewall because the log says it has DENYied the package. If you don't want these logs you'll have to reconfigure your firewall so that it doesn't log this information. Gregor -- E-Mail: Gregor Maier <[EMAIL PROTECTED]> Date: 22-Aug-2001 Time: 08:42:55 -- Want to buy your Pack or Services from MandrakeSoft? Go to http://.mandrakestore.com
Re: [expert] Problem with Traffic on my Interface
I don't understand why my Linux lost the net. - Original Message - From: "Gregor Maier" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 22, 2001 2:47 AM Subject: Re: [expert] Problem with Traffic on my Interface > > On 22-Aug-2001 Angus Beath wrote: > > Are you running any time of firewalling? That would just drop packets like > > this quite easily. I get port scanned all the time, > > but I've got iptables set up to DENY any packets going to the wrong ports. If > > you set it up with Bastille-firewall or the > > firewall configuration thing in DrakConf, you should be able to deal with > > this problem. It looks like you were just scanned > > anyway, not actually attacked. Have a nice day. > > > > Angus > > > > > It looks to me that he is running a firewall because the log says it has > DENYied the package. > > If you don't want these logs you'll have to reconfigure your firewall so that it > doesn't log this information. > > Gregor > > -- > E-Mail: Gregor Maier <[EMAIL PROTECTED]> > Date: 22-Aug-2001 > Time: 08:42:55 > -- > > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://.mandrakestore.com > Want to buy your Pack or Services from MandrakeSoft? Go to http://.mandrakestore.com
