- Join Date
- Apr 2009
Urgent!! Please, please!! Iptables and flood.
My provider has given me my last warning to delete my Linux CentOS server.
The reason is that I run a chat service on that server, with port 6005 open. Every night I receive a SYN flood on this port. I cannot close it. And I do not need any protection script because the provider's hardware firewall is doing a great job (or my server would be offline every night). But the problem is that my server replies to SYN packets (from spoofed source IPs) with ACK packets. And some packets reach some networks that don't like it very much and send abuse reports to my provider. They think I am port scanning them!!
Now, I have seen that the attacks ALWAYS come from remote ports 1024 and 3072, so I set up the following rules:
iptables -I INPUT -p tcp --sport 1024 -j DROP
iptables -I INPUT -p tcp --sport 3072 -j DROP
and, in addition:
iptables -I OUTPUT -p tcp --dport 1024 -j DROP
iptables -I OUTPUT -p tcp --dport 3072 -j DROP
But the abuse warnings continued. I have now also added the same rules on the FORWARD chain, but I am afraid it is not enough. What can I do? Do you have any ideas?
I already have TCP cookies enabled. If I do not find a solution in the next hours I'll be put offline.
Please give me support,
thanks so much!
What do you have as your default rule? It should be DROP.
iptables -P INPUT DROP
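An added example, not part of either post: one way to check whether the server is still sending SYN-ACK replies from port 6005 toward remote ports 1024 and 3072 after the rules in the question are loaded, by counting them in `tcpdump -nn` output. The sample capture lines, the server address 203.0.113.10 and the function names are constructed for illustration.

```python
import re
from collections import Counter

SERVICE_PORT = 6005            # chat port named in the question
BLOCKED_PORTS = {1024, 3072}   # remote ports the question's rules drop

# Constructed `tcpdump -nn` lines; all addresses are documentation ranges.
SAMPLE = """\
02:10:01.000101 IP 198.51.100.7.1024 > 203.0.113.10.6005: Flags [S], seq 100, win 512, length 0
02:10:01.000190 IP 203.0.113.10.6005 > 198.51.100.7.1024: Flags [S.], seq 900, ack 101, win 5840, length 0
02:10:01.000305 IP 203.0.113.10.6005 > 192.0.2.44.3072: Flags [S.], seq 901, ack 201, win 5840, length 0
02:10:01.000410 IP 203.0.113.10.6005 > 192.0.2.91.40211: Flags [S.], seq 902, ack 301, win 5840, length 0
02:10:01.000522 IP 203.0.113.10.6005 > 192.0.2.91.40211: Flags [P.], seq 903:950, ack 302, win 5840, length 47
02:10:01.000634 IP 203.0.113.10.22 > 192.0.2.5.51000: Flags [S.], seq 1, ack 2, win 5840, length 0
"""

LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def synack_replies(lines, server_ip, service_port=SERVICE_PORT):
    """Count SYN-ACKs sent from server_ip:service_port, keyed by remote port."""
    per_port = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a TCP/IPv4 line
        if m["src"] != server_ip or int(m["sport"]) != service_port:
            continue  # inbound traffic or another service
        if m["flags"] != "S.":
            continue  # tcpdump prints SYN+ACK as "S."
        per_port[int(m["dport"])] += 1
    return per_port

def leaked(per_port, blocked=BLOCKED_PORTS):
    """Replies still going to ports the OUTPUT rules were meant to drop."""
    return {p: n for p, n in per_port.items() if p in blocked}

if __name__ == "__main__":
    counts = synack_replies(SAMPLE.splitlines(), "203.0.113.10")
    print("SYN-ACKs by remote port:", dict(counts))
    print("to blocked ports:", leaked(counts))
```

On Linux, a capture taken on the server's own interface shows outgoing packets after the OUTPUT chain has run, so a non-empty `leaked` result means the replies are still leaving the host.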