On Sat, 2009-01-31 at 20:10 -0800, Tom Eastep wrote:
>
> It seems like 90+% of DNS queries against my name server are DDoS:
>
> Counters reset Sat Jan 31 19:02:01 PST 2009
>
> Chain DNSDDOS (1 references)
>  pkts bytes target     prot opt in     out     source               destination
>  4675  210K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           STRING match "|010000010000000000000000020001|" ALGO name bm FROM 29 TO 30
>   330 23531 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
> gateway:/etc/shorewall #
Damn. I have an iptables installation with the older, 1.3.3 string match which doesn't support the --algo, --from and --to modifiers.

What are the --to and --from arguments? I would guess byte offsets from somewhere, probably the packet start. But 29-30 is only two bytes. How does that compute with a "hex-string" of "|010000010000000000000000020001|"?

Thanks for any clarification you can provide.

b.
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
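As an added illustration of the rule quoted in this thread (this is example code, not part of the original mailing-list exchange and not Shorewall's or iptables' own code): the script below decodes the rule's hex-string into DNS wire-format fields, which shows that the 15 bytes are a DNS header minus the transaction ID (flags 0x0100, one question, no answers) followed by a question for the root name "." with QTYPE 2 (NS) in class IN. It then builds a constructed IPv4/UDP/DNS packet and locates the pattern in it. The model of --from/--to as the window of permitted match start offsets, counted from the start of the IPv4 header (20-byte header, 8-byte UDP header, so the DNS flags land at offset 30), is an assumption made here for the illustration; what those two arguments mean is exactly the open question of the thread.

```python
"""Decode an iptables string-match DNS pattern and show where it sits in a
query packet.  Added example; the packet is constructed and the --from/--to
interpretation (window of allowed match start offsets from the IP header)
is an assumption, not confirmed by the thread."""
import struct
from typing import Optional, Dict

# Hex-string from the DROP rule quoted in the thread.
PATTERN_HEX = "010000010000000000000000020001"
PATTERN = bytes.fromhex(PATTERN_HEX)


def decode_pattern(pattern: bytes) -> Dict[str, object]:
    """Interpret the pattern as a DNS header without its 2-byte ID (which
    varies per query and so is not part of the signature): flags, QDCOUNT,
    ANCOUNT, NSCOUNT, ARCOUNT, then one question (single-label or root name)."""
    flags, qd, an, ns, ar = struct.unpack("!HHHHH", pattern[:10])
    rest = pattern[10:]
    label_len = rest[0]                      # 0x00 alone is the root name "."
    qname = "." if label_len == 0 else rest[1:1 + label_len].decode("ascii")
    qtype, qclass = struct.unpack("!HH", rest[1 + label_len:5 + label_len])
    return {
        "flags": flags,                      # 0x0100: standard query, RD set
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
        "qname": qname, "qtype": qtype, "qclass": qclass,
    }


def build_ipv4_udp_dns_query(dns_id: int, qname_wire: bytes, qtype: int) -> bytes:
    """Constructed sample packet: minimal IPv4 header (20 bytes, no options),
    UDP header (8 bytes) and a DNS query.  Checksums are left at zero; the
    packet only serves the offset arithmetic, it is never sent."""
    dns = struct.pack("!HHHHHH", dns_id, 0x0100, 1, 0, 0, 0)
    dns += qname_wire + struct.pack("!HH", qtype, 1)          # QTYPE, QCLASS IN
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0)
    total_len = 20 + len(udp) + len(dns)
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, total_len, 0, 0, 64, 17, 0,    # proto 17 = UDP
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))  # RFC 5737 test addresses
    return ip + udp + dns


def string_match(packet: bytes, pattern: bytes, from_off: int, to_off: int) -> Optional[int]:
    """Return the offset where pattern begins if that start lies in
    [from_off, to_off] (offsets from the IP header), else None.
    This windowed-start semantics is the assumption stated in the lead-in."""
    for start in range(from_off, to_off + 1):
        if packet[start:start + len(pattern)] == pattern:
            return start
    return None


if __name__ == "__main__":
    print(decode_pattern(PATTERN))
    root_ns = build_ipv4_udp_dns_query(0x1234, b"\x00", 2)      # ". NS" query
    print("root NS query matched at offset", string_match(root_ns, PATTERN, 29, 30))
    a_query = build_ipv4_udp_dns_query(0x1234, b"\x07example\x03com\x00", 1)
    print("example.com A query matched at", string_match(a_query, PATTERN, 29, 30))
```

Under the stated assumption the pattern is found at offset 30 for the root NS query and not at all for an ordinary A query, which is consistent with the rule in the thread dropping only that one query shape.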
