I'd like to do what Jeffrey Foreman suggested earlier and use iptables rate limiting support to block stuff like this:
Jul 15 13:44:19 raptor ftpd[1405]: FTP LOGIN REFUSED (anonymous ftp not supported) FROM rn124.isis.de [195.158.148.124], anonymous Jul 15 13:44:19 raptor ftpd[1406]: FTP LOGIN REFUSED (anonymous ftp not supported) FROM rn124.isis.de [195.158.148.124], anonymous Jul 15 13:44:19 raptor ftpd[1411]: FTP LOGIN REFUSED (anonymous ftp not supported) FROM rn124.isis.de [195.158.148.124], anonymous Jul 15 13:44:19 raptor ftpd[1408]: FTP LOGIN REFUSED (anonymous ftp not supported) FROM rn124.isis.de [195.158.148.124], anonymous etc. etc. etc. This will go on until the inetd limit is reached and then FTP service is suspended... I've tried: iptables -A INPUT -p tcp --dport 21 -m limit --limit 3/m -j ACCEPT ...but I'm not seeing the port closed off when I hammer at my machine with WS_FTP (using 'anonymous' login). I've also tried -j DROP as well as specifying -j DROP on port 21 and then running the above -j ACCEPT line. Has anyone successfully blocked these DoS attacks before using the iptables limit extension? Thanks in advance. Robert Giles _______________________________________________ Siglinux mailing list [EMAIL PROTECTED] http://www.utacm.org/mailman/listinfo/siglinux
