[CentOS] Hacking Issue

Mon Sep 26 14:14:53 UTC 2011
Keith Roberts <keith at karsites.net>

On Mon, 26 Sep 2011, Jennifer Botten wrote:

> To: centos at centos.org
> From: Jennifer Botten <jennifer at etech.co.za>
> Subject: [CentOS] Hacking Issue
> 
> Hi,
>
> I am having an issue with someone accessing our server via a SIP/VOIP
> connection. I have changed my iptables rules to drop all UDP traffic from
> and to this IP address, but this traffic seems to still run through my
> server. These are the iptables rules that I currently have on the server.
>
> -A INPUT -i eth0 -s 209.61.231.42 -p udp -j DROP
>
> -A INPUT -i eth0 -d 209.61.231.42 -p udp -j DROP

You might find it helps to analyse this traffic with a 
network analyser, like Wireshark. That would allow you to 
see in almost real time what is happening on the line.

Kind Regards,

Keith Roberts

-----------------------------------------------------------------
Websites:
http://www.karsites.net
http://www.php-debuggers.net
http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with
TMDA [http://tmda.net]
-----------------------------------------------------------------
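
As an added example (not part of the original message): once a capture shows the source and destination of the UDP packets, this sketch maps each packet to the netfilter filter chain it traverses and reports whether the two INPUT rules quoted above can match it. The local address 192.0.2.10, the internal host 10.0.0.5 and the sample packets are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: which filter chain does a captured packet traverse, and can
# the two INPUT rules from the message match it?
BLOCKED=209.61.231.42      # address from the quoted rules
LOCAL_ADDRS="192.0.2.10"   # constructed: the server's own IPs (see `ip -4 addr`)

# chain_for SRC DST -> INPUT, OUTPUT or FORWARD.
# Use addresses as they are after any DNAT in PREROUTING; a capture on eth0
# shows the pre-NAT destination.
chain_for() {
    case " $LOCAL_ADDRS " in *" $2 "*) echo INPUT; return ;; esac
    case " $LOCAL_ADDRS " in *" $1 "*) echo OUTPUT; return ;; esac
    echo FORWARD
}

# verdict SRC DST -> what the quoted rules can do with this UDP packet.
# Both rules sit in INPUT, so only locally delivered packets are ever tested.
# Assumes the packet arrived on eth0, as the rules require (-i eth0).
verdict() {
    chain=$(chain_for "$1" "$2")
    if [ "$chain" != INPUT ]; then
        echo "$chain: not seen by the INPUT rules"
    elif [ "$1" = "$BLOCKED" ] || [ "$2" = "$BLOCKED" ]; then
        echo "INPUT: matches DROP rule"
    else
        echo "INPUT: no match"
    fi
}

# report: read "SRC DST" pairs (one UDP packet per line) from stdin.
report() {
    while read -r src dst; do
        [ -n "$src" ] || continue
        printf '%-15s -> %-15s %s\n' "$src" "$dst" "$(verdict "$src" "$dst")"
    done
}

# Constructed sample, in the form you would copy out of a Wireshark capture.
report <<'EOF'
209.61.231.42 192.0.2.10
192.0.2.10 209.61.231.42
209.61.231.42 10.0.0.5
10.0.0.5 209.61.231.42
EOF
```

In the constructed sample only the first packet reaches an INPUT rule; because `-A` appends, even that DROP takes effect only if no earlier INPUT rule has already accepted the packet.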