I would use an '-I' instead of '-A' if it's a case of blocking an intruder.
You can use tcpdump and 'ss -l' as well. Check out the application logs, try to see what the intruder is up to!

On Mon, Sep 26, 2011 at 7:14 AM, Keith Roberts <keith at karsites.net> wrote:

> On Mon, 26 Sep 2011, Jennifer Botten wrote:
>
> > To: centos at centos.org
> > From: Jennifer Botten <jennifer at etech.co.za>
> > Subject: [CentOS] Hacking Issue
> >
> > Hi,
> >
> > I am having an issue with someone accessing our server via a SIP/VOIP
> > connection. I have changed my iptables rules to drop all UDP traffic from
> > and to this IP address, but this traffic seems to still run through my
> > server. These are the iptables rules that I currently have on the server.
> >
> > -A INPUT -i eth0 -s 209.61.231.42 -p udp -j DROP
> >
> > -A INPUT -i eth0 -d 209.61.231.42 -p udp -j DROP
>
> You might find it helps to analyse this traffic with a
> network analyser, like Wireshark. That would allow you to
> see in almost real time what is happening on the line.
>
> Kind Regards,
>
> Keith Roberts
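
The reason '-I' matters here: iptables walks a chain top to bottom and stops at the first terminating match, so a DROP appended with '-A' never fires when an earlier ACCEPT already matches the packet. The script below is an added example, not part of the original thread; the ruleset is constructed and the helper name `shadowing_rules` is hypothetical. It lists the ACCEPT rules that sit above the DROP for a given source address.

```shell
#!/bin/sh
# Constructed sample in `iptables -S INPUT` format. The DROP for the intruder
# was appended with -A, so it sits below ACCEPT rules that match SIP traffic.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -s 209.61.231.42/32 -i eth0 -p udp -j DROP
EOF
}

# shadowing_rules IP  (hypothetical helper; reads `iptables -S CHAIN` on stdin)
# Prints "N: rule" for every ACCEPT rule above the first DROP for IP that could
# match UDP from IP. Heuristic: only -s, -p, -i and -j are inspected, so port
# and state matches are reported as possible shadows. Exit status 2 = no DROP.
shadowing_rules() {
    awk -v ip="$1" '
    $1 != "-A" { next }                       # skip chain policy lines
    {
        n++                                   # rule number within the chain
        src = ""; proto = ""; target = ""; in_if = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        sub(/\/32$/, "", src)
        if (src == ip && target == "DROP") { found = 1; exit }
        if (target != "ACCEPT" || in_if == "lo") next
        if (src != "" && src != ip) next      # ACCEPT is for another source
        if (proto != "" && proto != "udp" && proto != "all") next
        printf "%d: %s\n", n, $0
    }
    END { if (!found) exit 2 }'
}

sample_rules | shadowing_rules 209.61.231.42
```

On a live host, pipe `iptables -S INPUT` into the function; an empty result means no ACCEPT rule above the DROP can take that source's UDP traffic first.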