Linux Archive


"Jennifer Botten" 09-26-2011 11:02 AM

Hacking Issue

Hi,

I am having an issue with someone accessing our server via a
SIP/VOIP connection. I have changed my iptables rules to drop all UDP traffic
from and to this IP address, but this traffic seems to still run through my
server. These are the iptables rules that I currently have on the server.

-A INPUT -i eth0 -s 209.61.231.42 -p udp -j DROP
-A INPUT -i eth0 -d 209.61.231.42 -p udp -j DROP

Regards

Jennifer Botten
ETECH

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Jorge Fábregas 09-26-2011 11:08 AM

Hacking Issue
 
On 09/26/2011 07:02 AM, Jennifer Botten wrote:
> -A INPUT -i eth0 -d 209.61.231.42 -p udp -j DROP

This needs to be:

-A OUTPUT -o eth0 -d 209.61.231.42 -p udp -j DROP

...if you want to drop packets initiated from your system to that
IP...which doesn't make any sense if you're dropping all the incoming
connections from that IP.

As for why you are still getting packets from that IP... perhaps there's
also TCP traffic? If you want to completely drop packets from that IP,
simply remove the protocol argument like this:

-A INPUT -i eth0 -s 209.61.231.42 -j DROP

HTH,
Jorge
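
The rule-direction points raised in this thread, as an added example that is not part of the original posts: a small shell linter that reads iptables-save style rules and flags the mismatches discussed above. `lint_rules` and `sample_rules` are hypothetical names, the sample rules are constructed from the ones quoted in the thread, and the check assumes 209.61.231.42 is a remote address rather than one of the host's own.

```shell
#!/bin/sh
# Added example (lint_rules and sample_rules are hypothetical helper names).
# Reads iptables-save style "-A" rules on stdin and reports, for rules that
# name the blocked IP, the mistakes discussed in this thread.
lint_rules() {
    awk -v ip="$1" '
    $1 == "-A" {
        chain = $2
        src = dst = proto = inif = outif = target = ""
        for (i = 3; i < NF; i++) {
            if      ($i == "-s") src    = $(i + 1)
            else if ($i == "-d") dst    = $(i + 1)
            else if ($i == "-p") proto  = $(i + 1)
            else if ($i == "-i") inif   = $(i + 1)
            else if ($i == "-o") outif  = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        sub(/\/32$/, "", src); sub(/\/32$/, "", dst)   # iptables-save adds /32
        if (src != ip && dst != ip) next
        # -i exists only for inbound chains, -o only for outbound ones.
        if (chain == "OUTPUT" && inif != "")
            print NR, "BAD_IFACE OUTPUT cannot match -i, use -o " inif
        if (chain == "INPUT" && outif != "")
            print NR, "BAD_IFACE INPUT cannot match -o, use -i " outif
        # Inbound packets carry the remote IP as source, outbound as destination.
        if (chain == "INPUT" && dst == ip)
            print NR, "DEAD_MATCH -d " ip " never matches in INPUT, use -s here or -d in OUTPUT"
        if (chain == "OUTPUT" && src == ip)
            print NR, "DEAD_MATCH -s " ip " never matches in OUTPUT, use -d here or -s in INPUT"
        # A protocol-limited DROP leaves every other protocol untouched.
        if (target == "DROP" && proto != "")
            print NR, "PROTO_ONLY drops only " proto ", other protocols still pass"
    }'
}

# Constructed sample: the rules from this thread plus an OUTPUT rule using -i.
sample_rules() {
    cat <<'EOF'
-A INPUT -i eth0 -s 209.61.231.42 -p udp -j DROP
-A INPUT -i eth0 -d 209.61.231.42 -p udp -j DROP
-A OUTPUT -i eth0 -d 209.61.231.42 -p udp -j DROP
-A INPUT -i eth0 -s 209.61.231.42 -j DROP
EOF
}

sample_rules | lint_rules 209.61.231.42
```

On a live system the same function can be fed from `iptables-save`, which prints rules in this `-A` form.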