> Eric!
>
> i know this iptables rule, but 228.71.74.201:7777 is application port

This indicates that you are using port 7777 on 228.71.74.201 for a
service, is this true?

> ,this packet is dos attack, pls tell me howto drop this packet "win
> 16384 <mss 1460,nop,nop,sackOK>", thanks

I'm not seeing enough data with that statement to understand what you're
wanting to do exactly. If the packet has some defining characteristics
that never change, there's usually a way to filter for it with IPTables,
or with a module for it.

>
>>jqb@xxxxxxxxxx wrote:
>>
>>>netfilter!
>>>    howto stop this packet on iptables firewall;
>>>tcpdump capture packet example:
>>>10:35:31.881722 IP 218.6.45.6.51755 > 228.71.74.201.7777: S 1432831257:1432831257(0) win 16384 <mss 1460,nop,nop,sackOK>
>>>
>>>10:35:36.214120 IP 219.147.192.18.1272 > 228.71.74.201.7777: S 490321:490321(0) win 6400 <mss 1460,nop,nop,sackOK>
>>>
>>>Regards,
>>>
>>>xjjjk
>>>jqb@xxxxxxxxxx
>>>2005-01-14
>>>
>>
>>iptables -A FORWARD -p tcp --dport 7777 -j DROP
>>
>>or
>>
>>iptables -A FORWARD -p tcp --destination 228.71.74.201 -j DROP
>>
>>depends on if you don't want to connect to that machine, or you just
>>don't want that machine connecting to that port.
>>
>>On a side note, you should have your default policies set to DROP anyway
>>on the default tables for best practice security.
>>
>>iptables -P INPUT DROP
>>iptables -P OUTPUT DROP
>>iptables -P FORWARD DROP
>>
>>and then just accept the data that you want to. This is all covered in
>>the iptables tutorial @
>>http://iptables-tutorial.frozentux.net/iptables-tutorial.html
>
> jqb@xxxxxxxxxx wrote:
>
>>netfilter!
>>    howto stop this packet on iptables firewall;
>>tcpdump capture packet example:
>>10:35:31.881722 IP 218.6.45.6.51755 > 228.71.74.201.7777: S 1432831257:1432831257(0) win 16384 <mss 1460,nop,nop,sackOK>
>>
>>10:35:36.214120 IP 219.147.192.18.1272 > 228.71.74.201.7777: S 490321:490321(0) win 6400 <mss 1460,nop,nop,sackOK>
>>
>>Regards,
>>
>>xjjjk
>>jqb@xxxxxxxxxx
>>2005-01-14
>>
>
> Regards,
>
> xjjjk
> jqb@xxxxxxxxxx
> 2005-01-15
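
The reply's point about needing characteristics "that never change", worked through as an added example (not code from the thread or from netfilter): a Python sketch that parses the two tcpdump lines quoted in the thread and reports which fields are identical in every packet. The function names are hypothetical, and the regular expression is an assumption that covers only the tcpdump SYN line format shown in the thread.

```python
import re

# The two SYN lines quoted in the thread, copied verbatim from the tcpdump output.
CAPTURE = """\
10:35:31.881722 IP 218.6.45.6.51755 > 228.71.74.201.7777: S 1432831257:1432831257(0) win 16384 <mss 1460,nop,nop,sackOK>
10:35:36.214120 IP 219.147.192.18.1272 > 228.71.74.201.7777: S 490321:490321(0) win 6400 <mss 1460,nop,nop,sackOK>
"""

# Assumed line layout: time, src.port > dst.port, flags, seq range, window, options.
SYN_LINE = re.compile(
    r"^(?P<time>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<flags>\S+) "
    r"(?P<seq>\d+):\d+\(\d+\) win (?P<win>\d+)(?: <(?P<opts>[^>]*)>)?$"
)

# Timestamp and sequence number differ on every packet by nature, so skip them.
IGNORED = ("time", "seq")


def parse_syn_lines(text):
    """Return one dict of fields per parsable line; other lines are skipped."""
    packets = []
    for line in text.splitlines():
        match = SYN_LINE.match(line.strip())
        if match:
            packets.append(match.groupdict())
    return packets


def constant_fields(packets):
    """Fields with the same value in every packet: candidates for a static match."""
    result = {}
    for key in (packets[0] if packets else {}):
        values = {p[key] for p in packets}
        if key not in IGNORED and len(values) == 1:
            result[key] = values.pop()
    return result


def varying_fields(packets):
    """Fields that differ between packets, with the values seen for each."""
    result = {}
    for key in (packets[0] if packets else {}):
        values = {p[key] for p in packets}
        if key not in IGNORED and len(values) > 1:
            result[key] = sorted(values)
    return result


if __name__ == "__main__":
    pkts = parse_syn_lines(CAPTURE)
    print("constant:", constant_fields(pkts))
    print("varying: ", varying_fields(pkts))
```

On these two packets only the destination address and port, the SYN flag and the option list are constant; the source, source port and window all differ (the window is 16384 in one packet and 6400 in the other).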