[CentOS] Hacking Issue

Mon Sep 26 14:31:04 UTC 2011
Micky L Martin <mickylmartin at gmail.com>

I would use an '-I' instead of '-A' if it's a case of blocking an intruder.

You can use tcpdump and 'ss -l' as well.

Check out the application logs, try to see what the intruder is up to!

On Mon, Sep 26, 2011 at 7:14 AM, Keith Roberts <keith at karsites.net> wrote:

> On Mon, 26 Sep 2011, Jennifer Botten wrote:
>
> > To: centos at centos.org
> > From: Jennifer Botten <jennifer at etech.co.za>
> > Subject: [CentOS] Hacking Issue
> >
> > Hi,
> >
> > I am having an issue with someone accessing our server via a SIP/VOIP
> > connection. I have changed my iptables rules to drop all UDP traffic from
> > and to this IP address, but this traffic seems to still run through my
> > server. These are the iptables rules that I currently have on the server.
> >
> > -A INPUT -i eth0 -s 209.61.231.42 -p udp -j DROP
> >
> > -A INPUT -i eth0 -d 209.61.231.42 -p udp -j DROP
>
> You might find it helps to analyse this traffic with a
> network analyser, like Wireshark. That would allow you to
> see in almost real time what is happening on the line.
>
> Kind Regards,
>
> Keith Roberts
>
> -----------------------------------------------------------------
> Websites:
> http://www.karsites.net
> http://www.php-debuggers.net
> http://www.raised-from-the-dead.org.uk
>
> All email addresses are challenge-response protected with
> TMDA [http://tmda.net]
> -----------------------------------------------------------------
>
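The '-I' versus '-A' advice at the top of this message rests on first-match rule order: '-A' appends the DROP to the end of the chain, where an earlier ACCEPT can decide the packet first, while '-I' inserts it at the head. The script below is an added example, not part of the thread; the base ruleset is constructed and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: offline first-match evaluation of an INPUT chain.
# Rules are in `iptables -S` format. Only -s, -i, -p, --dport and -j are
# evaluated; negation, port ranges and other match modules are ignored.

# Constructed base ruleset (assumption: SIP on UDP 5060 is accepted).
BASE='-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# The block rule from the original post, as `iptables -S` would print it.
BLOCK='-A INPUT -s 209.61.231.42/32 -i eth0 -p udp -j DROP'

# Chain contents after `iptables -A` (rule lands last) or `-I` (rule lands first).
append_rule() { printf '%s\n%s\n' "$1" "$2"; }
insert_rule() { printf '%s\n%s\n' "$2" "$1"; }

# first_match SRC IFACE PROTO DPORT  (rules on stdin)
# Prints "<rule number> <target>" for the first rule that decides the packet.
first_match() {
  awk -v ip="$1" -v ifc="$2" -v proto="$3" -v port="$4" '
    $1 == "-A" && !found {
      n++; src = ""; dev = ""; pr = ""; dp = ""; tgt = ""
      for (k = 3; k < NF; k++) {
        if ($k == "-s")      src = $(k + 1)
        if ($k == "-i")      dev = $(k + 1)
        if ($k == "-p")      pr  = $(k + 1)
        if ($k == "--dport") dp  = $(k + 1)
        if ($k == "-j")      tgt = $(k + 1)
      }
      sub(/\/32$/, "", src)          # -S prints host addresses as a.b.c.d/32
      if ((src == "" || src == ip) && (dev == "" || dev == ifc) &&
          (pr == "" || pr == proto) && (dp == "" || dp == port) &&
          (tgt == "ACCEPT" || tgt == "DROP" || tgt == "REJECT")) {
        print n, tgt; found = 1
      }
    }'
}

# A UDP packet to port 5060 from the blocked address, arriving on eth0:
echo "with -A: $(append_rule "$BASE" "$BLOCK" | first_match 209.61.231.42 eth0 udp 5060)"
echo "with -I: $(insert_rule "$BASE" "$BLOCK" | first_match 209.61.231.42 eth0 udp 5060)"
```

On a live host, `iptables -L INPUT -n -v --line-numbers` shows the real rule order and per-rule packet counters, which tells you whether the DROP rule is being hit at all.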