Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

tcp output stopped at firewall: test late packets? [solved]
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
huuan
Apprentice
Apprentice


Joined: 19 Feb 2007
Posts: 265
Location: California
PostPosted: Mon Jul 23, 2007 5:28 am    Post subject: tcp output stopped at firewall: test late packets? [solved] Reply with quote
I was looking through my server firewall logs and noticed that since last Wednesday there have been a number of blocked OUTPUT tcp connections similar to this:
Jul 22 13:33:10 myserver Dropped by default (OUTPUT):IN= OUT=eth0 SRC=myserverip DST=65.214.39.180 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=43953 DF PROTO=TCP SPT=80 DPT=33487 WINDOW=150 RES=0x00 ACK URGP=0

:oops: never mind I figured it out these are just late packets from when a bot asks for a whle bunch of stuff and some packets get out of sequence and get dropped by the firewall as there's no connection left when they arrive.

OK then the real question is how to ID these as late packets so I can drop them without logging them?

Last edited by huuan on Mon Jul 23, 2007 8:04 pm; edited 1 time in total
Back to top
View user's profile Send private message
huuan
Apprentice
Apprentice


Joined: 19 Feb 2007
Posts: 265
Location: California
PostPosted: Mon Jul 23, 2007 7:15 am    Post subject: Reply with quote
OK I've gone with this as the line just before dropping OUTPUT by default:
Code:
$IPTABLES -A OUTPUT -p tcp --sport 80 -j DROP

which I figure should do the trick as any legit port 80 output has already been allowed by that stage.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy