I would use an '-I' instead of '-A' if it's a case of blocking an intruder.
You can use tcpdump and 'ss -l' as well.
Check out the application logs, try to see what the intruder is up to!
On Mon, Sep 26, 2011 at 7:14 AM, Keith Roberts <keith@xxxxxxxxxxxx> wrote:
On Mon, 26 Sep 2011, Jennifer Botten wrote:
> To: centos@xxxxxxxxxx
> From: Jennifer Botten <jennifer@xxxxxxxxxxx>
> Subject: Hacking Issue
>
> Hi,
>
> I am having an issue with someone accessing our server via a SIP/VOIP
> connection. I have changed my iptables rules to drop all UDP traffic from
> and to this IP address, but this traffic seems to still run through my
> server. These are the iptables rules that I currently have on the server.
>
> -A INPUT -i eth0 -s 209.61.231.42 -p udp -j DROP
>
> -A INPUT -i eth0 -d 209.61.231.42 -p udp -j DROP
You might find it helps to analyse this traffic with a
network analyser, like Wireshark. That would allow you to
see in almost real time what is happening on the line.
Kind Regards,
Keith Roberts
-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk
All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
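
The '-I' versus '-A' advice at the top of this thread comes down to rule order: iptables stops at the first rule in a chain that matches. The script below is an added example, not part of any message in the thread; the base ruleset is constructed (the broad UDP ACCEPT is an assumption), and the packet is modelled as a new connection arriving on eth0.

```shell
#!/bin/sh
# Model of first-match evaluation in one iptables chain (simplified: only -s, -p, -j).
# On a live host, list the real order with: iptables -L INPUT -n -v --line-numbers

# Constructed base ruleset in `iptables -S` style; the broad UDP ACCEPT is an assumption.
BASE='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -j ACCEPT
-A INPUT -j REJECT'

# The block rule from the thread.
BLOCK='-A INPUT -i eth0 -s 209.61.231.42 -p udp -j DROP'

# add_rule RULESET MODE RULE: MODE -A appends at the end, -I inserts at the top.
add_rule() {
    case "$2" in
        -A) printf '%s\n%s\n' "$1" "$3" ;;
        -I) printf '%s\n%s\n' "$3" "$1" ;;
    esac
}

# verdict RULESET SRC PROTO: print "<rule number> <target>" of the first matching rule.
verdict() {
    printf '%s\n' "$1" | awk -v src="$2" -v proto="$3" '
    {
        s = ""; p = ""; t = ""; stateful = 0
        for (i = 1; i < NF; i++) {
            if ($i == "-s") s = $(i + 1)
            if ($i == "-p") p = $(i + 1)
            if ($i == "-j") t = $(i + 1)
            if ($i == "--state") stateful = 1
        }
        if (stateful) next              # packet is modelled as NEW, so state rules do not match
        if (s != "" && s != src) next   # source address must match when the rule names one
        if (p != "" && p != proto) next # protocol must match when the rule names one
        print NR, t; found = 1; exit    # first match wins; later rules are never consulted
    }
    END { if (!found) print "0 POLICY" }'
}

appended=$(add_rule "$BASE" -A "$BLOCK")
inserted=$(add_rule "$BASE" -I "$BLOCK")

echo "appended: $(verdict "$appended" 209.61.231.42 udp)"
echo "inserted: $(verdict "$inserted" 209.61.231.42 udp)"
echo "other host, inserted: $(verdict "$inserted" 198.51.100.7 udp)"
```
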