On Sat, 8 Mar 2003 19:57:57 -0800 (PST) [EMAIL PROTECTED] (David E. Fox) wrote:
> I am a pretty fair newbie in internet security issues, use of iptables
> and so forth. But I already have been attacked by some variant of a
> worm that attacked certain ports on my system, slowing my internet
> connection etc. I noticed before certain udp checksum problems when
> that happened, and at the time (8.2) installed portsentry.
>
> Anyhow, in grepping my last month's worth of logs, I noticed a few
> lines like:
>
> Feb 3 14:38:35 m206-157 kernel: UDP: bad checksum. From 210.241.254.126:1812 to 198.144.206.157:1812 ulen 49
> Feb 4 21:33:15 m206-157 kernel: UDP: bad checksum. From 210.241.254.126:1812 to 198.144.206.157:1812 ulen 49
>
> These lines are very similar to log entries I got when that problem
> surfaced a couple of months ago. The only differences are the input and
> output ports. It seems much less rampant than the problem I
> experienced before.
>
> Question - is this another variant - and what if any purpose do ports
> 1812 and 3530 serve?

# grep 1812 /etc/services
radius 1812/tcp # Radius
radius 1812/udp # Radius

Someone trying to get at authentication servers?

> Secondly, will the following command fix things? The intent is to
> block input access to port 1812.
>
> $ iptables -A INPUT -p udp --dport 1812 -j DROP

Looks fine to me... though you might need to use -I instead...
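Added example (not part of the original messages): a shell function that tallies the kernel's "UDP: bad checksum" lines by source address and destination port, which shows at a glance which ports a DROP rule like the one above would have to cover. The function names and the last two sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize kernel "UDP: bad checksum" lines per source IP
# and destination port. Function names are hypothetical.

# Sample input. The first two lines are the ones quoted in the thread;
# the last two are constructed (192.0.2.7 is a documentation address).
sample_log() {
cat <<'EOF'
Feb 3 14:38:35 m206-157 kernel: UDP: bad checksum. From 210.241.254.126:1812 to 198.144.206.157:1812 ulen 49
Feb 4 21:33:15 m206-157 kernel: UDP: bad checksum. From 210.241.254.126:1812 to 198.144.206.157:1812 ulen 49
Feb 5 02:10:01 m206-157 kernel: UDP: bad checksum. From 192.0.2.7:4000 to 198.144.206.157:3530 ulen 30
Feb 5 02:11:44 m206-157 sshd[411]: unrelated line that must be ignored
EOF
}

# Reads syslog text on stdin; prints "count source_ip dest_port", busiest first.
summarize_bad_checksums() {
    awk '
    /kernel: UDP: bad checksum\. From / {
        # Find "From SRC:PORT to DST:PORT" wherever it falls in the line,
        # so differences in the timestamp or hostname fields do not matter.
        for (i = 1; i < NF - 2; i++) {
            if ($i == "From" && $(i + 2) == "to") {
                src = $(i + 1); dst = $(i + 3)
                sub(/:[0-9]+$/, "", src)   # keep the source IP only
                sub(/^.*:/, "", dst)       # keep the destination port only
                if (dst ~ /^[0-9]+$/) hits[src " " dst]++
            }
        }
    }
    END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2,2
}

# Stand-alone run over the sample; on a real system feed it the syslog file.
sample_log | summarize_bad_checksums
```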
