Newbie question about IPtables prevent it.

Intergate · 01-14-2013, 12:44 AM

Help me please.
I have often under attack., But can not block it. Because I need to use it.
I want know. How to prevent and mitigation for iptables.

an 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=154.225.54.40 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=54962 PROTO=TCP SPT=6308 DPT=13959 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=101.112.166.105 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=39141 PROTO=TCP SPT=11323 DPT=9884 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=196.166.235.60 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=48490 PROTO=TCP SPT=13591 DPT=8508 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=27.9.238.53 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=30911 PROTO=TCP SPT=8464 DPT=8232 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=106.108.158.4 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=20207 PROTO=TCP SPT=5721 DPT=9841 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=159.237.162.84 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=29560 PROTO=TCP SPT=7035 DPT=7082 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=145.38.78.57 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=33942 PROTO=TCP SPT=7140 DPT=6219 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=76.227.210.45 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=57340 PROTO=TCP SPT=5254 DPT=10671 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=71.207.209.119 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=11963 PROTO=TCP SPT=6414 DPT=9773 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=1.136.48.20 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=63267 PROTO=TCP SPT=10177 DPT=6698 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=83.240.49.16 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=10001 PROTO=TCP SPT=5206 DPT=7942 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=110.202.151.63 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=49481 PROTO=TCP SPT=13824 DPT=14923 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=185.72.155.95 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=47822 PROTO=TCP SPT=11158 DPT=10731 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=172.139.200.46 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=44252 PROTO=TCP SPT=8878 DPT=8819 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=174.5.237.86 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=10985 PROTO=TCP SPT=9035 DPT=7231 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=36.13.219.106 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=49080 PROTO=TCP SPT=5903 DPT=6603 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=123.13.239.56 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=23231 PROTO=TCP SPT=5843 DPT=12142 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:07 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=131.139.110.88 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=36639 PROTO=TCP SPT=9086 DPT=5980 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:08 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=162.118.162.99 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=57426 PROTO=TCP SPT=11532 DPT=14792 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:08 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=109.102.193.11 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=17077 PROTO=TCP SPT=6238 DPT=14052 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:08 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=106.51.6.73 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=35337 PROTO=TCP SPT=10623 DPT=6695 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:08 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=220.255.174.93 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=43336 PROTO=TCP SPT=6629 DPT=8157 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:08 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=184.28.85.0 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=16489 PROTO=TCP SPT=14648 DPT=6719 WINDOW=65535 RES=0x00 ACK URGP=0
Jan 8 04:57:08 xxxx kernel: [PROTO max rate !] : IN=em1 OUT= MAC=d4:ae:52:c3:a7:46:64:87:88:5b:e7:f9:08:00 SRC=102.185.24.0 DST=xxx.xxx.xxx.xxx LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=47715 PROTO=TCP SPT=11496 DPT=14363 WINDOW=65535 RES=0x00 ACK URGP=0

Thank you for developer.

bijo505 · 01-14-2013, 02:14 AM

Hi,
It you are new to this, try to install APF or Arno's firewall. That will help you to configure firewall for you.

http://www.rfxn.com/projects/advanced-policy-firewall/
http://rocky.eld.leidenuniv.nl/jooml...d=46&Itemid=77