I would use an '-I' instead of '-A' if it's a case of blocking an intruder.
You can use tcpdump and 'ss -l' as well.
Check out the application logs, try to see what the intruder is up to!
On Mon, Sep 26, 2011 at 7:14 AM, Keith Roberts keith@karsites.net wrote:
On Mon, 26 Sep 2011, Jennifer Botten wrote:
To: centos@centos.org
From: Jennifer Botten jennifer@etech.co.za
Subject: [CentOS] Hacking Issue
Hi,
I am having an issue with someone accessing our server via a SIP/VOIP connection. I have changed my iptables rules to drop all UDP traffic from and to this IP address, but this traffic seems to still run through my server. These are the iptables rules that I currently have on the server.
-A INPUT -i eth0 -s 209.61.231.42 -p udp -j DROP
-A INPUT -i eth0 -d 209.61.231.42 -p udp -j DROP
You might find it helps to analyse this traffic with a network analyser, like Wireshark. That would allow you to see in almost real time what is happening on the line.
Kind Regards,
Keith Roberts
Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk
All email addresses are challenge-response protected with TMDA [http://tmda.net]
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
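
Added example, not part of the original thread: a small first-match model of an iptables chain showing why the reply prefers '-I' over '-A' for a block rule. The earlier ACCEPT rule for SIP (udp/5060), the sample packet and all function names are assumptions made for illustration; the thread does not show the rest of the ruleset, and the '-i eth0' match is left out for brevity.

```python
# Added illustration: iptables evaluates a chain top to bottom and stops at
# the first rule that matches, so the position of a DROP rule decides
# whether it is ever reached.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    target: str                   # "ACCEPT" or "DROP"
    proto: Optional[str] = None   # None means "match any"
    src: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        return ((self.proto is None or self.proto == pkt["proto"]) and
                (self.src is None or self.src == pkt["src"]) and
                (self.dport is None or self.dport == pkt["dport"]))


def verdict(chain, pkt, policy="DROP"):
    """Return (target, 1-based number of the deciding rule or None)."""
    for number, rule in enumerate(chain, start=1):
        if rule.matches(pkt):
            return rule.target, number
    return policy, None


def append_rule(chain, rule):           # models: iptables -A INPUT ...
    return chain + [rule]


def insert_rule(chain, rule, pos=1):    # models: iptables -I INPUT [pos] ...
    return chain[:pos - 1] + [rule] + chain[pos - 1:]


# Assumed pre-existing rule that allows SIP from anywhere (hypothetical).
BASE = [Rule("ACCEPT", proto="udp", dport=5060)]
# The poster's first rule: drop UDP from the offending source address.
BLOCK = Rule("DROP", proto="udp", src="209.61.231.42")
# Constructed sample packets.
BAD_PKT = {"proto": "udp", "src": "209.61.231.42", "dport": 5060}
OK_PKT = {"proto": "udp", "src": "192.0.2.10", "dport": 5060}

if __name__ == "__main__":
    for name, chain in (("-A", append_rule(BASE, BLOCK)),
                        ("-I", insert_rule(BASE, BLOCK))):
        print(name, "intruder:", verdict(chain, BAD_PKT),
              "other caller:", verdict(chain, OK_PKT))
```

On a live system, 'iptables -L INPUT -n -v --line-numbers' shows the real rule order and per-rule packet counters; a DROP rule whose counter stays at zero while the traffic continues is being preempted by an earlier rule.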