How to stop the flood?

Rikunj rikunj at raha.com
Thu Apr 28 15:35:14 CEST 2005


Hello All,

I am seeing lots of this kind of scanning flood attack from different IP
within my

network and even from outside.

How can I stop and protect from this kind of attack?

Any specific iptables rule-set or clue would be appreciated.

---------Log from clients Dlink Router---------------------

Thu Apr 28 10:39:07 2005 Unrecognized attempt blocked from
192.168.25.208:3113 to TCP port 1025
Thu Apr 28 10:39:09 2005 Unrecognized attempt blocked from
192.168.25.208:3113 to TCP port 1025
Thu Apr 28 10:39:52 2005 Unrecognized attempt blocked from
192.168.25.208:3345 to TCP port 6129
Thu Apr 28 10:39:56 2005 Unrecognized attempt blocked from
192.168.25.208:3345 to TCP port 6129
Thu Apr 28 10:40:01 2005 Unrecognized attempt blocked from
192.168.25.208:3345 to TCP port 6129
Thu Apr 28 10:40:12 2005 Unrecognized attempt blocked from
192.168.25.208:3450 to TCP port 80
Thu Apr 28 10:40:20 2005 Unrecognized attempt blocked from
192.168.25.208:3450 to TCP port 80
Thu Apr 28 10:40:32 2005 Unrecognized attempt blocked from
192.168.25.208:3568 to TCP port 443
Thu Apr 28 10:40:35 2005 Unrecognized attempt blocked from
192.168.25.208:3568 to TCP port 443
Thu Apr 28 10:40:44 2005 Unrecognized attempt blocked from
192.168.25.208:3568 to TCP port 443

---------Log from clients Dlink Router---------------------

Regards,
Rikunj





More information about the netfilter mailing list