LinuxQuestions.org


Intergate 03-15-2012 11:59 AM

I will attack my post in the log that I use iptables to problems related to it.
 
I have to write the script.

Code:

Mar 15 23:03:00  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=115.74.3.69 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=19629 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:02  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=79.172.32.75 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=242 ID=39699 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:04  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=210.165.99.42 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=61448 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:06  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=194.188.187.17 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=53783 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:08  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=123.149.15.102 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=242 ID=36915 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:10  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=62.117.4.88 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=242 ID=43995 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:12  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=40.155.128.43 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=63090 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:14  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=135.180.161.22 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=242 ID=32137 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:16  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=26.6.211.124 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=19886 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:18  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=123.153.71.122 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=56163 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:20  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=24.202.234.76 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=7383 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:22  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=98.14.188.59 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=63143 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:24  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=1.250.54.73 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=18339 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:26  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=60.123.3.22 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=242 ID=18198 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:28  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=156.89.26.101 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=242 ID=62511 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:30  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=46.43.210.67 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=64869 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:32  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=192.48.144.43 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=242 ID=985 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:34  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=164.191.4.125 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=242 ID=39335 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:36  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=160.81.166.113 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=7477 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:38  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=112.194.91.12 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=242 ID=16539 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:40  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=183.88.44.50 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=62971 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:42  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=183.92.125.39 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=242 ID=14757 PROTO=UDP SPT=7010 DPT=7010 LEN=40


Noway2 03-15-2012 12:12 PM

I am sorry, but I am unable to understand your question. Would you please rephrase it? You may also want to consider writing your question in your native language and using Google translate (your post says that you will attack your log file, which is undoubtedly not your intent).

Intergate 03-16-2012 03:30 AM

Quote:

Originally Posted by Noway2 (Post 4627591)
I am sorry, but I am unable to understand your question. Would you please rephrase it? You may also want to consider writing your question in your native language and using Google translate (your post says that you will attack your log file, which is undoubtedly not your intent).


I took a look at the log file. I would like to use iptables to block it. Can you help me?

Noway2 03-16-2012 04:19 AM

The log file shows that you are receiving what appears to be a flood of UDP traffic to port 7010. According to this link, UDP port 7010 is used for two purposes: communication with a UPS and the EverQuest online game. My suspicion is that you are facing traffic from the latter.

The log also shows that these packets are being dropped, which is probably the best that you will be able to do from your virtual server:
Quote:

Mar 15 23:03:00 Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=115.74.3.69 DST=37.59.11.123

If this traffic is still causing you problems, such as consuming too much resource, I think you will have to take this up with your service provider as there will be nothing further that you can do at your end as the traffic is being filtered by you, but would need to be filtered upstream.

Steviepower 04-03-2012 10:32 AM

It's exactly every 2 seconds and it's packets being sent from different internet IPs to one single IP (37.59.11.123) through a virtual interface? Maybe sniff the interface and see what kind of packets they are, and maybe there is something on your virtual interface requesting those packets... Can you change your internet IP?
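
The observations made in the replies above (one destination and port, a different source on every packet, a fixed 2-second spacing) can be checked directly from the log. This is an added example, not part of the original thread; the sample is the first four lines of the posted log, and the year given to the parser is an assumption because syslog timestamps omit it.

```python
import re
from collections import Counter
from datetime import datetime

# First four lines of the log posted in the thread.
SAMPLE_LOG = """\
Mar 15 23:03:00  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=115.74.3.69 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=19629 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:02  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=79.172.32.75 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=242 ID=39699 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:04  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=210.165.99.42 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=61448 PROTO=UDP SPT=7010 DPT=7010 LEN=40
Mar 15 23:03:06  Drop: IN=vmbr0 OUT= PHYSIN=eth0 MAC=00:25:90:56:7d:18 SRC=194.188.187.17 DST=37.59.11.123 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=53783 PROTO=UDP SPT=7010 DPT=7010 LEN=40
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line, year=2012):
    """Split one netfilter LOG line into a timestamp and a field dict."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(m.group(2)):
        # LEN appears twice: IP total length first, then the UDP length.
        if key == "LEN" and "LEN" in fields:
            key = "UDPLEN"
        fields[key] = value
    if "SRC" not in fields:
        return None
    # The year is an assumption; it is needed only to build a full datetime.
    fields["ts"] = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return fields

def summarize(log_text):
    """Count sources, targets, packet sizes and inter-arrival gaps."""
    pkts = [p for p in map(parse_line, log_text.splitlines()) if p]
    stamps = sorted(p["ts"] for p in pkts)
    gaps = Counter(int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:]))
    return {
        "packets": len(pkts),
        "sources": len({p["SRC"] for p in pkts}),
        "targets": Counter((p["DST"], p["PROTO"], p.get("DPT")) for p in pkts),
        "gaps_s": dict(gaps),
        "lengths": Counter((p["LEN"], p.get("UDPLEN")) for p in pkts),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

When `sources` is close to `packets` and `targets` has a single entry, per-source iptables rules add nothing over the existing drop rule, which is consistent with the advice above to have the traffic filtered upstream.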


All times are GMT -5.