=?iso-8859-15?Q?cos'?= =?iso-8859-15?Q?=E8?= questo? attacco DOS?

Mon, 13 Oct 2003 12:20:41 -0500 

me ne sono accorto oggi con un tail -f syslog. dal 7 ottobre ho il log
pieno di questi messaggi generati da iptables:

...
Dropping: IN=ppp0 OUT= MAC= SRC=80.186.168.191 DST=80.183.122.125 LEN=92
TOS=0x00 PREC=0x00 TTL=113 ID=55768 PROTO=ICMP TYPE=8 CODE=0 ID=512
SEQ=29289
...

pi� o meno 1 al secondo. mi chedevo che roba siano. ho provato un whois
ma non � che me ne faccia poi molto delle informazioni che ottengo.

ad ogni modo questo � lo script che uso per iptables (dal security
quickstart howto):

#!/bin/sh
IPTABLES=/sbin/iptables
WAN_IFACE="ppp0"
ANYWHERE="0/0"
modprobe ip_conntrack_ftp
# Let's start clean and flush all chains to an empty state.
$IPTABLES -F  
# Set the default policies of the built-in chains. If no match for any 
# of the rules below, these will be the defaults that IPTABLES uses.
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P INPUT DROP
# Accept localhost/loopback traffic.
$IPTABLES -A INPUT -i lo -j ACCEPT
# ICMP rules, allow the bare essential types of ICMP only. Ping
# request is blocked, ie we won't respond to someone else's pings,
# but can still ping out.
$IPTABLES -A INPUT  -p icmp  --icmp-type echo-reply \
   -s $ANYWHERE -i $WAN_IFACE -j ACCEPT
$IPTABLES -A INPUT  -p icmp  --icmp-type destination-unreachable \
   -s $ANYWHERE -i $WAN_IFACE -j ACCEPT
$IPTABLES -A INPUT  -p icmp  --icmp-type time-exceeded \
   -s $ANYWHERE -i $WAN_IFACE -j ACCEPT
###################################################################
# Set the catchall, default rule to DENY, and log it all. All other
# traffic not allowed by the rules above, winds up here, where it is
# blocked and logged. This is the default policy for this chain
# anyway, so we are just adding the logging ability here with '-j
# LOG'. Outgoing traffic is allowed as the default policy for the
# 'output' chain. There are no restrictions on that.
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -m state --state NEW -i ! $WAN_IFACE -j ACCEPT
$IPTABLES -A INPUT -j LOG -m limit --limit 30/minute --log-prefix "Dropping: "


lo script dovrebbe essere a posto.
cosa ne dite? capita anche a voi? devo preoccuparmi?

ciao
-- 
Leonardo Canducci - [EMAIL PROTECTED]
GPG Key ID: 429683DA

Rispondere a