I'd like to do what Jeffrey Foreman suggested earlier and use iptables
rate limiting support to block stuff like this:

Jul 15 13:44:19 raptor ftpd[1405]: FTP LOGIN REFUSED (anonymous ftp not 
supported) FROM rn124.isis.de [195.158.148.124], anonymous
Jul 15 13:44:19 raptor ftpd[1406]: FTP LOGIN REFUSED (anonymous ftp not 
supported) FROM rn124.isis.de [195.158.148.124], anonymous
Jul 15 13:44:19 raptor ftpd[1411]: FTP LOGIN REFUSED (anonymous ftp not 
supported) FROM rn124.isis.de [195.158.148.124], anonymous
Jul 15 13:44:19 raptor ftpd[1408]: FTP LOGIN REFUSED (anonymous ftp not 
supported) FROM rn124.isis.de [195.158.148.124], anonymous

etc. etc. etc.  This will go on until the inetd limit is reached and then
FTP service is suspended...

I've tried:
iptables -A INPUT -p tcp --dport 21 -m limit --limit 3/m -j ACCEPT
...but I'm not seeing the port closed off when I hammer at my machine
with WS_FTP (using 'anonymous' login).

I've also tried -j DROP as well as specifying -j DROP on port 21 and
then running the above -j ACCEPT line.  Has anyone successfully blocked
these DoS attacks before using the iptables limit extension?

Thanks in advance.

Robert Giles


_______________________________________________
Siglinux mailing list
[EMAIL PROTECTED]
http://www.utacm.org/mailman/listinfo/siglinux

Reply via email to