Hello. I'm new to this forum, but it has helped me a lot in the Linux world.
I have a root server where I installed Squid Proxy Server weeks ago. Actually, the company where we host it has complained that "we sent spam" and pasted us an e-mail log showing that we sent e-mails to two IPs on port 25.
Actually, I've changed the root password and activated a firewall that lets ONLY me access it via SSH, authenticating me by DynDNS.
Another problem is that, like I said, I installed Squid and left it public; people were using it without my permission, so I decided to uninstall it.
When I'm doing tcpdump, it shows people trying to reach it.
Quote:
[root@host ~]# tcpdump -n -i eth0 -s 0 src or dst port 3128
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:52:36.937269 IP 61.123.23.221.gtrack-ne > //hidenhost//.squid: S 999771478:999771478(0) win 65535 <mss 1414,nop,wscale 2,nop,nop,timestamp 0 0,nop,nop,sackOK>
14:52:36.975359 IP 190.167.53.255.51522 > //hidenhost//5.squid: S 2620618050:2620618050(0) win 8192 <mss 1400,nop,wscale 2,nop,nop,sackOK>
I have blocked the port 3128 by this:
iptables -A INPUT -p udp --dport 3128 -j REJECT
iptables -A INPUT -p tcp --dport 3128 -j REJECT
I also tried DROP instead of REJECT, and it's still the same: when I run tcpdump, it keeps showing IPs.
Now, my question is: Is there any way of really blocking that port so my server doesn't have to handle those useless requests? I've also tried to block those IPs, and they keep showing!
I need help with this, as I am not an expert in Linux networking.
Many thanks.
Regards,
Ivan.
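
An added example, not part of the original post: tcpdump captures inbound packets before the iptables INPUT chain processes them, so incoming SYNs stay visible even when a DROP or REJECT rule works; what shows whether port 3128 is blocked is whether the server replies from it. The script classifies tcpdump lines by direction. The address 192.0.2.10, the function names and the sample captures are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample captures are constructed;
# 192.0.2.10 stands in for the server's address.
SAMPLE_BLOCKED='14:52:36.937269 IP 198.51.100.7.40112 > 192.0.2.10.3128: S 999771478:999771478(0) win 65535
14:52:36.975359 IP 203.0.113.9.51522 > 192.0.2.10.3128: S 2620618050:2620618050(0) win 8192'
SAMPLE_OPEN='14:52:36.937269 IP 198.51.100.7.40112 > 192.0.2.10.3128: S 999771478:999771478(0) win 65535
14:52:36.937301 IP 192.0.2.10.3128 > 198.51.100.7.40112: S 1717171717:1717171717(0) ack 999771479 win 5840'

# classify_3128 SERVER_IP < tcpdump text (numeric ports, i.e. -nn)
# Prints: inbound=<n> synack=<n> rst=<n>
classify_3128() {
    awk -v srv="$1" '
        $2 == "IP" {
            src = $3; dst = $5; sub(/:$/, "", dst)
            flag = ($6 == "Flags") ? $7 : $6      # newer tcpdump prints "Flags [S.],"
            if (dst == (srv ".3128")) inbound++   # seen by tcpdump before iptables
            else if (src == (srv ".3128")) {
                if (flag ~ /S/) synack++          # a listener accepted the connection
                else if (flag ~ /R/) rst++        # connection refused with a TCP reset
            }
        }
        END { printf "inbound=%d synack=%d rst=%d\n", inbound, synack, rst }
    '
}

# verdict "inbound=.. synack=.. rst=.." -> one-line interpretation
verdict() {
    case "$1" in
        *"synack=0 rst=0") echo "filtered: no TCP reply left port 3128" ;;
        *"synack=0 "*)     echo "reset: port closed or REJECT --reject-with tcp-reset" ;;
        *)                 echo "open: something still answers on 3128" ;;
    esac
}

for s in "$SAMPLE_BLOCKED" "$SAMPLE_OPEN"; do
    r=$(printf '%s\n' "$s" | classify_3128 192.0.2.10)
    echo "$r -> $(verdict "$r")"
done
# Live use (as root): tcpdump -nn -l -c 200 -i eth0 port 3128 | classify_3128 <server-ip>
```

The rule counters give the same answer without a capture: `iptables -L INPUT -n -v --line-numbers` shows whether the port 3128 rules are being hit and whether an earlier ACCEPT rule sits above them, since `-A` appends to the end of the chain.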