How to stop the flood?

Dwayne Hottinger dhottinger at harrisonburg.k12.va.us
Thu Apr 28 17:54:19 CEST 2005


I'm confused.  Why would you allow someone on your network (subnet or net) to do
such a thing?  Can't you just not give them access, either via DHCP or some
other way?  Sounds almost like an issue for management, i.e. someone needs to
start looking for employment elsewhere.

ddh

Quoting Rob Sterenborg <rob at sterenborg.info>:

> netfilter-bounces at lists.netfilter.org <> scribbled on Thursday, 28 April
> 2005 16:48:
>
> > Thank you for the reply.
> >
> > This was the log from one of my clients who was attacked from a client
> > on another subnet.
> >
> > My network consists of clients from different subnets of /24.
> >
> > The attacks from one subnet travel through my Linux router
> > and hit the client on the other subnet.
> >
> > I tried a few rules as below but they seem not to be working.
>
> The script doesn't block any packets from 192.168.25.208.
> If 192.168.25.208 isn't allowed to pass your router, you should block it:
>
> $IPT -A FORWARD -s 192.168.25.208 [-d <destination_ip>] \
>   -j [DROP|REJECT --reject-with tcp-reset]
>
> Or something like that.
>
> The real solution is like Jason said: track down the person at
> 192.168.25.208 and kick his/her ass!
>
>
> Gr,
> Rob
>
>


--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools
