Linux Firewall - Filtering Out Zero Length Packets

Aug 13, 2008

I run CentOS 5.2 (Sometimes CentOS 4.6). I have been messing around with IPTables, and cannot find out how to filter zero-length packets.

I believe I might need an unclean module. I have already done hours of reading and researching, but I have come up with nothing, for I do not think this is that common.

If anyone could please let me know the commands to use to filter out all zero-length packets, or the unclean module I need to use with IPTables, I would really appreciate it.

Plesk 12.x / Linux :: Qmail Fails Due To Dh Key Length

Jul 11, 2015

I have been seeing these in my log and received complaints from customers not able to get their mail out. These messages just stay in the queue and go nowhere.

what they are successfully using as a tlsserverciphers and tlsclientciphers? Maybe it is the DH key being too small. How can this be fixed on Qmail?

qmail: 1436646171.830486 delivery 6: deferral: TLS_connect_failed:_error:14082174:SSL_routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh_key_too_small;_connected_to_170.49.86.238.

Linux IPTables Logging Packets On A Certain Port

Aug 4, 2008

commands to log packets temporarily for a certain UDP port with the IP information etc.

Any help would be appreciated. As for what I am doing, I am trying to find anything weird or something that stands out from the packets sent from external IPs to my server.

Plesk 12.x / Linux :: Content-length Limit When Uploading Large Files

Jun 18, 2015

Domain has PHP Settings in Plesk set to 2G and I get this error when uploading a 48MB file using WordPress. I assume I need to modify this manually in a conf file somewhere to allow uploading large files?

Requested content-length of 48443338 is larger than the configured limit of 10240000..

mod_fcgid: error reading data, FastCGI server closed connection...

FIN Packets

Nov 1, 2008

One of my clients has the following question but I don't have enough knowledge on this topic. Hope some network experts out there can give me some advice.

I want to do this:
1. TCP SYN negotiation using fixed port
2. HTTP request
3. ACK
4. Another HTTP request (control words)
5. ACK
6. Another HTTP request (control words)
7. ACK

Unfortunately, I can only accomplish this:
1. TCP SYN negotiation using fixed port
2. HTTP request (control words)
3. ACK
4. FIN
5. TCP SYN negotiation using ANOTHER port
6. HTTP request (control words)
7. ACK
8. FIN

There is too much overhead in the second method. Can you comment on why the first method doesn't work? It processes the first HTTP request but ignores the second, third, etc. HTTP requests. WHY? Do I always have to choose another port to process another HTTP request?

Too Much Packets To Tcp What Does It Indicate

Nov 11, 2007

What does it mean? Does it indicate DDoS attacks?

From 58.32.23.4 - 1160 packets to tcp(1034,1036,1046,1055,1072,1084,1086,1097,1108,1109,1124,1138,1144,1146,1161,1174,1179,1180,1199,1206,1208,1237,1242,1275,1295,1296,1298,1313,1335,1 346,1349,1357,1384,1404,1419,1420,1475,1484,1509,1510,1538,1545,1547,1585,1593,1612,1684,1689,1690,1729,1731,1733,1736,1746,1749,1752,1753,1756,1762,1 763,1765,1768,1770,1779,1782,1784,1785,1786,1787,1789,1792,1794,1800,1806,1856,1877,1879,1885,1930,1988,2004,2005,2022,2027,2073,2077,2099,2109,2113,2 177,2178,2179,2180,2184,2185,2206,2237,2259,2266,2267,2282,2288,2313,2333,2500,2562,2565,2574,2585,2615,2617,2618,2657,2664,2666,2674,2686,2687,2808,2 821,2831,2836,2846,2867,2892,2904,2949,2950,2964,2984,2993,3101,3130,3210,3215,3285,3336,3359,3572,3638,3695,3696,3700,3848,3893,3973,4023,4030,4235,4 269,4293,4358,4370,4380,4398,4414,4472,4509,4549,4571,4585,4606,4608,4635,4685,4766,4778,4780,4812,4836,4844,4858,4902,4903,4909,4912,4916,4935,4936,4 937,4943,4955,4989,5534,5940,6245,6250,6256,6264,6367,7359,7564,7940,8538,9338,10203,10462,10763,11037,11332,11348,11462,11606,11633,11971,12177,12213 ,12242,12267,12276,12283,12307,12361,12399,12457,12472,12584,12645,12648,12793,12829,12842,12906,13197,13438,13807,14465,14493,14762,14765,14768,14769 ,14778,14779,14795,14981,15913,16474,16506,17060,17565,18047,18131,18191,18342,19113,20426,20702,21575,22062,22099,22379,22420,22423,22440,22675,22908 ,23100,23747,23766,24121,24248,24315,24365,24372,24411,24420,24425,24436,24486,24494,24639,25290,25507,26122,26702,26923,26975,27213,27302,27357,27409 ,27947,28731,28821,28982,29197,29227,29249,29285,29448,30472,30554,30564,30584,30632,31346,31628,31899,32074,32093,32306,32562,32566,32657,33968,33980 ,34442,34947,35047,35423,35599,35718,36937,38131,38404,38580,38696,38982,38995,38998,39001,39006,39036,39041,39077,39205,39288,39412,39822,39880,39999 ,40052,40942,41197,42090,42424,43419,43570,43991,43992,44917,46356,46515,46661,46669,46675,46814,46904,47594,48257,50086,50088,50316,50481,50511,50667 
,50786,50789,50790,50791,50792,50798,50802,50811,50930,50941,50951,50959,50999,51002,51008,51532,51650,51655,52362,52441,52448,52459,52531,52587,52612 ,53013,53223,53232,53237,53267,53284,53288,53941,54256,54789,55144,55228,55463,55522,55648,55846,56130,56807,57504,57765,57812,57814,58340,58850,59239 ,59945,60101,60150,60418,60648,60929,61313,61334,61431,61553,61733,61841,61848,61854,61857,61915,61921,61980,62035,62163,62403,62588,62899,62998,63081 ,63097,63198,63302,63379,63715,64214,64373,64380,64434,64442,64485,64491,64495,64501,64505,64514,65151)

Dropping Packets

May 24, 2009

Is it normal for a ton of packets to be dropped? My server goes so slow after it gets a bunch of connections, even if I kill everything (I have to restart), and I can't figure out what the problem is. On my other servers it says no packets were dropped. How can I fix this?

ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:1C:C0:C1:8B:3E
inet addr:xx.xx.xx.xx Bcast:xx.xx.xx.255 Mask:255.255.255.0
inet6 addr: fe80::21c:c0ff:fec1:8b3e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:56435 errors:0 dropped:3049109175 overruns:0 frame:0
TX packets:87780 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:6804084 (6.4 MiB) TX bytes:118424651 (112.9 MiB)
Interrupt:50 Base address:0xa000

Packets Lost

Jan 28, 2008

What is packets lost?

I used the just-pings.com site and it says my site had 100% lost packets in some locations. What does this mean?

One of my other hosts doesn't have any packets lost, so for a new package should I go with them, rather than the host which has packets lost?

[url]

When I asked my host they said do not trust just-ping and told me to use,
[url]

Does this site check for packets lost?

Many ICMP Packets - I'm Being Hit

Nov 24, 2008

My server is being hit by many ICMP packets. Very abnormal, but many of them are from Indonesian IPs.

My server runs on cPanel + CSF.

Should I change CSF to APF? I read most antiDOS attack articles

ICMP; eth0; 48 bytes; from 68.66.136.118.fast.net.id to pete.myserver.com; fragment
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 125.167.122.253 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 48 bytes; from 179.subnet125-160-99.speedy.telkom.net.id to pete.myserver.com; fragment
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1468 bytes; from 118.100.245.111 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ARP request for 202.71.103.231; eth0; 40 bytes; from 0011bb064fc1 to ffffffffffff
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.152.37.210 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.152.37.210 to pete.myserver.com; echo req
Tue Nov 25 00:47:52 2008; ICMP; eth0; 1368 bytes; from 202.6.234.126 to pete.myserver.com; echo req
Note: pete.myserver.com is my server.
Please advise a solution; it's causing me 10mbps of inbound bandwidth. My bandwidth is sufficient to handle those for now, but not for long if they increase. My munin shows 20mbps last night.

MySQL :: 16 Characters Limitation About A Username Length

Apr 27, 2009

I am unable to create a user in mysql with 20 characters length. I am getting the annoying error message about 16 characters limitation about a username length. I have tried to increase the character user limit length to 32 characters using the following commands:

mysql -uroot -p

use mysql;

alter table `user` modify `User` CHAR(32);

FLUSH PRIVILEGES;

quit

service mysqld restart

But after all of this was done I was and I am still unable to connect to mysql anymore with/without password.

My Ping/packets Lost

Feb 20, 2008

I'm getting slow server response times. I've been struggling with this for quite some while.

Here is what I know so far:

1. My website divinelightingdotcom through justping returns average 60-80% packets lost for all locations but Santa Clara, which usually has 0-20% loss.

2. My VPS is in Dallas

3. My ISP is also in Dallas, yet justping their website returns 0 packets lost

4a. When I ping my site from Atlanta, the avg trip is 44 ms

4b. However, the first access of my website through a browser usually takes about 5-10 seconds to respond

4c. I assume that my customers have this same experience (if so, this is killing me on my sponsored search advertising)

5. subsequent navigation through the website is usually acceptably fast.

6. wait an hour or so, and the initial page load has 5-10 second response delay again (can be any page on the site)

7. Perhaps related, WinMTR from my location in Atlanta shows a Comcast IP in Virginia that consistently has 20% loss. I have opened a trouble ticket with Comcast.

Volumedrive.com Packets Lost

Aug 6, 2008

ping: 64.191.50.55
location result min. rrt avg. rrt max. rrt
Santa Clara, U.S.A. Okay 108.6 127.3 165.2
Florida, U.S.A. Okay 86.9 94.8 110.9
San Francisco, U.S.A. Okay 101.0 115.2 142.9
New York, U.S.A. Packets lost (30%) 47.0 50.2 54.3
Austin1, U.S.A. Packets lost (10%) 80.7 88.9 118.2
Austin, U.S.A. Packets lost (10%) 77.1 86.4 116.8
Vancouver, Canada Okay 172.9 185.3 240.5
Chicago, U.S.A. Packets lost (10%) 59.2 66.1 71.5
London, United Kingdom Okay 102.2 113.3 119.9
Amsterdam3, Netherlands Packets lost (30%) 126.7 129.9 132.7
Amsterdam2, Netherlands Packets lost (30%) 112.7 117.5 123.5
Stockholm, Sweden Packets lost (10%) 139.2 145.6 148.2
Cologne, Germany Packets lost (10%) 129.3 135.5 143.4
Amsterdam, Netherlands Packets lost (10%) 121.9 126.4 130.0
Krakow, Poland Packets lost (20%) 139.0 147.2 152.5
Madrid, Spain Packets lost (10%) 129.2 136.5 143.3
Paris, France Packets lost (10%) 129.4 132.1 135.7
Munchen, Germany Packets lost (20%) 133.5 137.0 142.0
Copenhagen, Denmark Packets lost (20%) 110.9 120.2 124.2
Lille, France Packets lost (10%) 117.8 123.5 127.6
Cagliari, Italy Packets lost (20%) 156.8 159.3 162.8
Sydney, Australia Packets lost (20%) 251.4 264.2 268.4
Melbourne, Australia Okay 280.7 291.1 301.5
Zurich, Switzerland Packets lost (10%) 155.3 163.6 169.1
Shanghai, China Okay 321.8 328.5 337.7
Hong Kong, China Packets lost (30%) 282.9 292.8 304.5
Porto Alegre, Brazil Packets lost (10%) 200.1 208.8 217.1
Singapore, Singapore Packets lost (20%) 311.3 333.3 371.3
Mumbai, India Packets lost (20%) 240.5 245.2 249.7
Johannesburg, South Africa Packets lost (40%) 390.4 427.0 517.8

It is worse than my VPS on vps4less.de.

Dropping Empty UDP Packets

May 15, 2008

I currently have my own dedicated server located with the following prefs;

Linux: CentOS 4.6 (final)
Kernel Version: 2.6.9-67.0.15.ELsmp

I know this is possible, but I am seeking how to drop empty udp packets automatically with iptables.

IPTables Rule Using Modules Limit & Length Simultaneously

Apr 4, 2009

I am currently trying to limit incoming UDP length 20 packets on a per IP basis to 5 a second using IPTables on a Linux machine (CentOS 5.2).

Basically, if an IP is sending more than 5 length 20 UDP packets a second to the local machine, I would like the machine to drop the excess length 20 packets coming from that IP.

The modules that should work perfectly for this type of "rule set" are;

- Limiting module
- Length module

Both of which are installed / compiled with the kernel/IPTables correctly and functioning.

I have tried several rule sets, and they all seem to not fully work. Either they drop all UDP length 20 packets going to the local machine or allow all them through.

Below is one of the rule sets I use, and it is not working. Any ideas what the issue could be?

iptables -N UDPC1
iptables -A INPUT -p udp -m length --length 20 -j UDPC1
iptables -A UDPC1 -p udp -m length --length 20 -m limit --limit 5/second -j ACCEPT
iptables -A UDPC1 -j DROP

How-to: Drop INVALID SYN Packets With Iptables

Jan 13, 2005

Feel free to use the following iptables commands to drop INVALID SYN packets that sometimes are also used to flood the server.

/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

Incoming / Outgoing Packets Blocked

Jun 22, 2009

I have been facing a very unique issue on two of my servers hosted at hivelocity for the last 3 or 4 months.

Every couple of days all incoming and outgoing activity gets stopped except on port 3386 (RDP), i.e. no one can reach the websites hosted on the server, nor can I access any website from the server, but all other services continue to work. A reboot of the server will solve the issue but that is only a temp solution.

I have checked the event logs one by one but found no issue or error in them. I have even run the server without a firewall but it still stops working.

Scanned the server with 3 different antiviruses one by one but they didn't find any virus.

Datacenter tech staff monitored the server and found no DoS or other such kind of attack on the server or IP.

I am totally clueless on this issue on how to solve it.... anybody here who can help me?

OS: Windows 2003
Firewall: Previous hardware based, then software based and now windows firewall (same issue with all)
Third party softwares: No
Scripts: ASP, ASP.NET, PHP
Database: SQL and MySQL

No other software installed on the server

What's The Best Linux Firewall

Jul 10, 2008

I have 3 web servers that I need behind a firewall. Right now they're directly connected to the internet, and have little protection. I'd like to build my own Linux router and have done some research but not sure which is the best solution.

The main feature I need is the ability to forward ports based on the destination host header. Most firewall distros only allow you to forward port 80 to one IP address, but I need the router to send to different internal IPs for different sites.

I've looked at IPCOP and Smoothwall express and a few others, but the "free" ones don't seem to do this.

File Size (content Length) Not Showing When Downloading Files

Jun 30, 2009

When I download a file from my server, only specific extensions are working. This is really annoying since I want to be able to see how much time left to finish a download.

For example I uploaded a video with .vob extension
file.vob --> does not show filesize when downloading

If I rename the same file to different extension:
file.avi --> works fine shows filesize when downloading
file.mp3 --> works fine shows filesize when downloading
file.rar --> works fine shows filesize when downloading
file.mp4 --> does not show filesize when downloading
file.wmv --> does not show filesize when downloading

These are direct download links, not using any download scripts or anything. Why are some extensions displaying the filesize and some not displaying them? I am using Apache 2.x server.

Hosts With High Ping Packets Lost

Mar 14, 2009

While searching for a hosting provider, I try pinging every host. Some of them have packets lost, one between 20-30%.

APF Software Firewall For Linux: Should I Use It

Feb 17, 2008

I am setting up a web hosting server in a datacenter.

Websites will be powered by Apache, MySQL and PHP.

I will be using CentOS 5 32 bit.

"APF Software Firewall for Linux" is offered as a free option by the datacenter.

Should I use it?

Apache Under Attack :: Configured Request Variable Value Length Limit Exceeded

Apr 21, 2008

My server was unstable this month; sometimes it forks 700 processes and Apache gets 80 accesses per second, and that made the server very slow. Very bad browsing.

When I checked the log file /var/log/messages I found these errors:

Apr 20 04:06:28 suhosin[798]: ALERT - configured request variable value length limit exceeded - dropped variable 'message' (attacker '212.107.116.238', file '/usr/local/cpanel/cgi-sys/php4')
Apr 22 00:27:05 suhosin[15442]: ALERT - configured request variable name length limit exceeded - dropped ....

Apple's Mail.app Sending Invalid Packets To Mailserver

Aug 18, 2008

I am having a problem with a client who's using Mail.app and it seems to be sending invalid packets to the server. Here is a sample of the report from the firewall:

Code:
Hits: 21
Blocked: permanently

Sample of block hits:
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=48970 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=5724 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=23624 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:14 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=49421 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:15 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=10507 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=38488 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=25402 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=18975 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=52260 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:29 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=18208 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=30469 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=36698 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=7445 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:24:45 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=47645 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=30465 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=44590 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=2887 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:25:17 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=35090 DF PROTO=TCP SPT=49173 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=4986 DF PROTO=TCP SPT=49176 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=42867 DF PROTO=TCP SPT=49175 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0
Aug 17 11:26:21 hosting kernel: Firewall: *INVALID* IN=eth0 OUT= MAC=00:30:1b:43:f6:3a:00:19:30:01:a1:40:08:00 SRC=90.196.160.135 DST=72.167.47.155 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=1310 PROTO=TCP SPT=49174 DPT=143 WINDOW=65535 RES=0x00 ACK FIN URGP=0

The report just says Invalid IN. Does anybody have any suggestions on what would be causing this? I use Mail.app myself and have never had problems with it triggering the firewall.

How To Clear Firewall In Linux Server?

Dec 15, 2007

Hi,

Can you please tell me how I can clear the firewall in my Linux box?

It's CentOS but I'm not sure what type of firewall is installed on my box.

Hope to get a response soon,
toby

Configuring A Linux Router/firewall

Nov 10, 2008

I run a small datacenter, and we are migrating from Cisco to Linux based routers.
These routers should run a firewall, DDoS mitigation rules, CBQ bandwidth limitation, etc.

I know how to mitigate DDOS using tcpdump, also I know how to route..

I just need some advice about the firewall, stopping basic DDOS, fragmented packets, etc..

Should I use APF firewall in this case? Is there a good IPTABLES set of rules I could use?

I'm giving up on Ciscos, as I just discovered there are some UDP packets that can easily break them. I tested it last night, and that was it, nothing secure. A little traffic (bogus UDP packets) and the router was down for a few minutes.

Plesk 12.x / Linux :: CLI - PSA Firewall Activation?

Apr 7, 2015

How do I activate/enable the firewall by CLI? Is this possible?

Firewall module is installed.

Option in plesk GUI working well.

Is this possible? If yes, how?

Plesk 11.x / Linux :: How To Block Baidu In Firewall

Jan 15, 2015

Is it possible to block Baidu without specifying the whole list of IDs it's using?

Plesk 12.x / Linux :: FTP Performance Unusable With Firewall

Dec 17, 2014

I have had these problems since version 11.5. Now I have installed version 12 on CentOS. FTP works fine and is super fast and speedy until I enable the Plesk Firewall. I also tried to add passive port range 60000-65534 to the Plesk Firewall rules.

But nothing works.

It takes like 10 times longer to log in + list files + make changes using FTP. We are applying changes via FTP and it's very slow. We can use the Plesk file manager but it's a very inconvenient way for quick file uploads and changes.

Plesk 11.x / Linux :: Firewall Might Disable Itself After Updating To 11.5

Nov 26, 2013

I already posted this as a bug report and now wanted to inform other users.

Starting with Plesk 11.5, the file "/opt/psa/var/modules/firewall/firewall-emergency.sh" contains the following line:

Code:
rm -f /opt/psa/var/modules/firewall/active.flag

That line stems from updating:

Code:
Preparing to replace psa-firewall 11.0.9-debian6.0.build110120608.16 (using .../psa-firewall_11.5.30-debian6.0.build115130819.13_amd64.deb) ...
Unpacking replacement psa-firewall ...

Now, when you stop the firewall, you cannot start it again, because deleting the active.flag disables the firewall:

Code:

# ll /opt/psa/var/modules/firewall/active.flag
-rw-r--r-- 1 root root 0 2013-11-26 09:22 /opt/psa/var/modules/firewall/active.flag

# /etc/init.d/psa-firewall stop
psa-firewall: firewall successfully disabled

# ll /opt/psa/var/modules/firewall/active.flag
ls: cannot access /opt/psa/var/modules/firewall/active.flag: No such file or directory

# /etc/init.d/psa-firewall start
psa-firewall: service is disabled

You then have to manually "touch" the active.flag to be able to start the firewall again. A workaround is to remove the line:

Code:
sed -i 's:rm -f /opt/psa/var/modules/firewall/active.flag::' /opt/psa/var/modules/firewall/firewall-emergency.sh

I really hope that Parallels fixes this asap, as normally you won't notice that the firewall is not active when everything works fine (nothing is blocked) and Plesk still shows all the rules.

Copyrights 2005-15 www.BigResource.com, All rights reserved