  1. #1

    Urgent!! Please, please!! Iptables and flood.

    Hi all,

    My provider has given me my last warning to delete my Linux CentOS server.
    The reason is that I run a chat service on that server, with port 6005 open. Every night I receive a SYN flood on this port. I cannot close it. And I do not need any protection script because the provider's hardware firewall is doing a great job (or my server would be offline every night). But the problem is that my server replies to SYN packets (from spoofed source IPs) with ACK packets. And some packets reach some networks who don't like it very much, and they send abuse reports to my provider. They think I am port scanning them!!
    Now, I have seen that the attacks ALWAYS come from remote ports 1024 and 3072, so I set up the following rules:

    iptables -I INPUT -p tcp --sport 1024 -j DROP
    iptables -I INPUT -p tcp --sport 3072 -j DROP

    and, in addition:

    iptables -I OUTPUT -p tcp --dport 1024 -j DROP
    iptables -I OUTPUT -p tcp --dport 3072 -j DROP

    But abuse warnings continued. I have now also added the same rules on the FORWARD chain, but I am afraid it is not enough. What can I do? Do you have any ideas?
    I already have TCP cookies enabled. If I do not find a solution in the next hours I'll be put offline.
    Please give me support,

    thanks so much!

  2. #2
    Ziplock (Linux Newbie, joined Jan 2009)
    What do you have as your default rule? It should be DROP.

    iptables -P INPUT DROP
    Then include rules that only allow traffic to your chat service.
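
The default-DROP policy suggested in the reply above, written out as a complete ruleset (an added example, not part of either post). Port 6005 is the chat port from the thread; the admin port 22, the DROP policy on FORWARD and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a default-DROP INPUT ruleset in iptables-restore
# format that admits only the chat service and one admin port.
CHAT_PORT="${CHAT_PORT:-6005}"   # chat service port named in the thread
ADMIN_PORT="${ADMIN_PORT:-22}"   # assumption: SSH, so the policy does not lock you out

# Succeeds only for a decimal port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ruleset on stdout; fail without output if a port is invalid.
build_ruleset() {
    valid_port "$CHAT_PORT" && valid_port "$ADMIN_PORT" || {
        echo "invalid port setting" >&2
        return 1
    }
    cat <<EOF
*filter
# Anything not explicitly accepted below is dropped.
:INPUT DROP [0:0]
# Assumption: this host does not route traffic for others.
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections: only SYNs to the admin port and the chat port.
-A INPUT -p tcp --dport ${ADMIN_PORT} --syn -j ACCEPT
-A INPUT -p tcp --dport ${CHAT_PORT} --syn -j ACCEPT
COMMIT
EOF
}

# Parse-check first (--test commits nothing), then load the table in one step.
apply_ruleset() {
    build_ruleset | iptables-restore --test && build_ruleset | iptables-restore
}

# "print" shows the ruleset; "apply" loads it (needs root).
case "${1:-}" in
    print) build_ruleset ;;
    apply) apply_ruleset ;;
esac
```

Loading the table through iptables-restore commits the policy and the allow rules together, so a remote session is not cut off between setting `-P INPUT DROP` and adding the exceptions. The server still answers every SYN that reaches port 6005, so this policy limits exposure to the two listed ports but does not by itself stop replies to spoofed sources.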
