hi,all please help me. my linux server installed redhat 9 + apache 1.3.29. passing through some attack. in apache acc_log,like : 221.233.227.230 - - [17/Jan/2004:17:26:32 +0800] "-" 408 - 221.233.227.230 - - [17/Jan/2004:17:26:32 +0800] "-" 408 - 221.233.227.230 - - [17/Jan/2004:17:26:32 +0800] "-" 408 - 61.145.188.110 - - [17/Jan/2004:17:26:32 +0800] "-" 408 - 210.38.179.145 - - [17/Jan/2004:17:26:32 +0800] "-" 408 - 221.233.227.230 - - [17/Jan/2004:17:26:32 +0800] "-" 408 - but no err_log. some packge like : Jan 18 19:35:53 linux-sv1 kernel: IN=eth0 OUT= MAC=00:07:e9:6c:4c:49:00:02:b3:03:e3:67:08:00 SRC=220.173.8.56 DST=61.135.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=42497 DF PROTO=TCP SPT=60177 DPT=80 WINDOW=8280 RES=0x00 ACK URGP=0 Jan 18 19:35:53 linux-sv1 kernel: IN=eth0 OUT= MAC=00:07:e9:6c:4c:49:00:02:b3:03:e3:67:08:00 SRC=220.173.8.56 DST=61.135.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=42753 DF PROTO=TCP SPT=60177 DPT=80 WINDOW=8280 RES=0x00 ACK URGP=0 Jan 18 19:35:53 linux-sv1 kernel: IN=eth0 OUT= MAC=00:07:e9:6c:4c:49:00:02:b3:03:e3:67:08:00 SRC=61.173.25.88 DST=61.135.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=53402 DF PROTO=TCP SPT=63601 DPT=80 WINDOW=16560 RES=0x00 ACK URGP=0 Jan 18 19:35:53 linux-sv1 kernel: IN=eth0 OUT= MAC=00:07:e9:6c:4c:49:00:02:b3:03:e3:67:08:00 SRC=220.173.8.56 DST=61.135.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=43265 DF PROTO=TCP SPT=60182 DPT=80 WINDOW=8280 RES=0x00 ACK URGP=0 how to set this iptables rules? what's this attack? thanks your any help!
