Hi
i have a server under attack by LAND ,,, according to this page ,,
http://linoxide.com/firewall/block-c...acks-iptables/

im wondering how linux can not defend against this kind of attack. i could block traffic but is this linux bug ??!!
my server is debian 7 , kernel 3.2 , amd64 , updated and upgraded
here is dropped packet log from my server
Apr 7 12:05:33 Social04 kernel: [86584.184392] IPTables Packet Dropped: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=7138 DF PROTO=TCP SPT=59530 DPT=3306 WINDOW=32792 RES=0x00 SYN URGP=0

any suggestion
Thanks

Can you print your iptables rules ?

The LAND attack is old. Basically it means sending SYN packets with the source and destination address being the same. As you see can from that post even back then (1997) Linux wasn't vulnerable.


Here you got a connection to TCP/3306 but over the loop back device which is OK as you usually do not want MySQL to listen to ethernet devices without additional access restrictions.

Indeed posting output would be welcome.

hi ,
there my server log
Apr 11 12:00:27 Social06 kernel: [ 3801.295130] IPTables Packet Dropped: IN=eth0 OUT= MAC=00:50:56:ab:4b:93:d4:8c:b5:f4:76:44:08:00 SRC=103.240.141.54 DST=X.X.X.X LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=19421 PROTO=TCP SPT=3306 DPT=37787 WINDOW=0 RES=0x00 ACK RST URGP=0
Apr 11 12:00:56 Social06 kernel: [ 3830.325714] IPTables Packet Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:4c:5e:0c:3b:79:61:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=155 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=5678 DPT=5678 LEN=135
Apr 11 12:01:26 Social06 kernel: [ 3860.474605] IPTables Packet Dropped: IN=eth0 OUT= MAC=00:50:56:ab:4b:93:d4:8c:b5:f4:76:44:08:00 SRC=192.126.126.64 DST=X.X.X.X LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=13870 PROTO=TCP SPT=3306 DPT=49326 WINDOW=0 RES=0x00 ACK RST URGP=0
Apr 11 12:01:56 Social06 kernel: [ 3890.201918] IPTables Packet Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:4c:5e:0c:3b:79:61:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=155 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=5678 DPT=5678 LEN=135
Apr 11 12:02:27 Social06 kernel: [ 3921.612631] IPTables Packet Dropped: IN=eth0 OUT= MAC=00:50:56:ab:4b:93:d4:8c:b5:f4:76:44:08:00 SRC=192.126.126.64 DST=X.X.X.X LEN=40 TOS=0x00 PREC=0x00 TTL=115 ID=17954 PROTO=TCP SPT=3306 DPT=49338 WINDOW=0 RES=0x00 ACK RST URGP=0
Apr 11 12:02:56 Social06 kernel: [ 3950.070561] IPTables Packet Dropped: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:4c:5e:0c:3b:79:61:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=155 TOS=0x00 PREC=0x00 TTL=64 ID=0 PROTO=UDP SPT=5678 DPT=5678 LEN=135


and iptable rules
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT

Thanks

Sorry but you haven't posted output as requested.
Since you know what you're doing that'll be me leaving this thread, bye.

1 members found this post helpful.