Linux Forums - Linux Help,Advice & support community:LinuxSolved.com

Network Troublshooting => General Networking Support in Linux => Topic started by: contenthost on March 29, 2004, 01:58:23 AM

Title: Blocking Atacks
Post by: contenthost on March 29, 2004, 01:58:23 AM
Was Wondering if there's any scripts that would detect a icmp flooding and start blocking ips. Thank you!


Running Red Hat 9
Title: Blocking Atacks
Post by: dragoncity99 on March 29, 2004, 08:44:15 AM
Try using iptables, it's very useful.

http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html#toc3
Title: Blocking Atacks
Post by: Ricky on March 29, 2004, 03:21:42 PM
May u can use Firestarter if you dont' want to gamble with iptables manually..
Title: Blocking Atacks
Post by: contenthost on March 29, 2004, 04:17:16 PM
im using Iptables has it is i just want to a script that would detect a ICMP at a certain rare of incomming packets and add them to iptables.
Title: Blocking Atacks
Post by: dragoncity99 on March 30, 2004, 04:59:55 AM
Huh?? Can u explain again? I don't quite catch ur explaination. Sorry and thank you.

Is it a question or a statement?
Title: Blocking Atacks
Post by: Ricky on March 30, 2004, 08:06:26 AM
May be he is saying that need a script which detect that now ICMP is getting flooded so block them. And after few times it again opens that. Is that so contenthost ?
Title: Blocking Atacks
Post by: contenthost on March 30, 2004, 08:12:01 AM
yes exactly :)
Title: Blocking Atacks
Post by: dragoncity99 on March 31, 2004, 05:18:34 AM
OIC. Is it that the rule that u added is at command prompt when u logged in. But when u restart ur pc, the rule is gone?

Type this to check on the next start up: iptables -L -n

From wat i know, in certain distros, the rules that u add are temporary when u add it on that day. But when the next boot or restart, ur firewall script will be flushed (in otherwords it's reset to the default rules). In order to avoid this, create a text file and add the script and save it.

chmod +x to make it executable and load the script each time ur linux boots. U can alternatively, add the firewall rule into the boot up script (such as rc.local in /etc/rc.d directory) to run as well.
Title: Blocking Atacks
Post by: contenthost on March 31, 2004, 05:01:12 PM
Ya Been doing that has it is. just wanted something that would do that auto for me since i can keep watching it everyday on every min.
Title: Blocking Atacks
Post by: kenchix1 on April 05, 2004, 02:23:07 AM
I wish for the firewall using iptables tutorial soon be out. (plllsssss)   :cry: