<div>I would use an '-I' instead of '-A' if its a case of blocking an intruder.</div><div><br></div><div>You can use tcpdump and 'ss -l' as well.</div><div><br></div><div>Check out the application logs, try to see what's the intruder is up to!</div>
<div><br></div><div><br></div><br><br><div class="gmail_quote">On Mon, Sep 26, 2011 at 7:14 AM, Keith Roberts <span dir="ltr"><<a href="mailto:keith@karsites.net">keith@karsites.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
On Mon, 26 Sep 2011, Jennifer Botten wrote:<br>
<br>
> To: <a href="mailto:centos@centos.org">centos@centos.org</a><br>
> From: Jennifer Botten <<a href="mailto:jennifer@etech.co.za">jennifer@etech.co.za</a>><br>
> Subject: [CentOS] Hacking Issue<br>
><br>
> Hi,<br>
><br>
><br>
><br>
> I am having an issue with someone accessing our server via a SIP/VOIP<br>
> connection. I have changed my iptables rules to drop all UDP traffic from<br>
> and too this IP address, but this traffic seems to still run through my<br>
> server. These are the iptables rules that I current have on the server.<br>
><br>
> -A INPUT -i eth0 -s <a href="tel:209.61.231.42" value="+12096123142">209.61.231.42</a> -p udp -j DROP<br>
><br>
> -A INPUT -i eth0 -d <a href="tel:209.61.231.42" value="+12096123142">209.61.231.42</a> -p udp -j DROP<br>
<br>
You might find it helps to analyse this traffic with a<br>
network analyser, like Wireshark. That would allow you to<br>
see in almost real time what is happening on the line.<br>
<br>
Kind Regards,<br>
<br>
Keith Roberts<br>
<br>
-----------------------------------------------------------------<br>
Websites:<br>
<a href="http://www.karsites.net" target="_blank">http://www.karsites.net</a><br>
<a href="http://www.php-debuggers.net" target="_blank">http://www.php-debuggers.net</a><br>
<a href="http://www.raised-from-the-dead.org.uk" target="_blank">http://www.raised-from-the-dead.org.uk</a><br>
<br>
All email addresses are challenge-response protected with<br>
TMDA [<a href="http://tmda.net" target="_blank">http://tmda.net</a>]<br>
-----------------------------------------------------------------<br>
_______________________________________________<br>
CentOS mailing list<br>
<a href="mailto:CentOS@centos.org">CentOS@centos.org</a><br>
<a href="http://lists.centos.org/mailman/listinfo/centos" target="_blank">http://lists.centos.org/mailman/listinfo/centos</a><br>
</blockquote></div><br>