Re: [CentOS] Hacking Issue

2011-09-27 Thread Micky L Martin
On Mon, Sep 26, 2011 at 10:10 AM, wrote:
> Theo Band wrote:
> > On 09/26/2011 01:02 PM, Jennifer Botten wrote:
> >>
> >> I am having an issue with someone accessing our server via a SIP/VOIP
> >> connection. I have changed my iptables rules to drop all UDP traffic
> >> from and to this IP addres

Re: [CentOS] Hacking Issue

2011-09-26 Thread m . roth
Theo Band wrote:
> On 09/26/2011 01:02 PM, Jennifer Botten wrote:
>>
>> I am having an issue with someone accessing our server via a SIP/VOIP
>> connection. I have changed my iptables rules to drop all UDP traffic
>> from and to this IP address, but this traffic seems to still run
>> through my se

Re: [CentOS] Hacking Issue

2011-09-26 Thread Theo Band
On 09/26/2011 01:02 PM, Jennifer Botten wrote:
>
> Hi,
>
> I am having an issue with someone accessing our server via a SIP/VOIP
> connection. I have changed my iptables rules to drop all UDP traffic
> from and to this IP address, but this traffic seems to still run
> through my server. Thes

Re: [CentOS] Hacking Issue

2011-09-26 Thread Micky L Martin
I would use an '-I' instead of '-A' if it's a case of blocking an intruder. You can use tcpdump and 'ss -l' as well. Check out the application logs, try to see what the intruder is up to!

On Mon, Sep 26, 2011 at 7:14 AM, Keith Roberts wrote:
> On Mon, 26 Sep 2011, Jennifer Botten wrote:
>

Re: [CentOS] Hacking Issue

2011-09-26 Thread Keith Roberts
On Mon, 26 Sep 2011, Jennifer Botten wrote:
> To: centos@centos.org
> From: Jennifer Botten
> Subject: [CentOS] Hacking Issue
>
> Hi,
>
> I am having an issue with someone accessing our server via a SIP/VOIP
> connection. I have changed my iptables rules to drop all UDP traffic from
> and to

Re: [CentOS] Hacking Issue

2011-09-26 Thread Jorge Fábregas
On 09/26/2011 07:45 AM, Jennifer Botten wrote:
> I am blocking UDP and TCP from that IP. I also have an OUTPUT rule however
> mine has the -o eth0 as the -i eth0 does not work.

Yes, I had it wrong. For the OUTPUT chain you use the -o ethX. Perhaps you have an ALLOW rule for udp or some other crit

Re: [CentOS] Hacking Issue

2011-09-26 Thread Jennifer Botten
-----Original Message-----
From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf Of Jorge Fábregas
Sent: 26 September 2011 01:09 PM
To: centos@centos.org
Subject: Re: [CentOS] Hacking Issue

On 09/26/2011 07:02 AM, Jennifer Botten wrote:
> -A INPUT -i eth0 -d 209.61.231

Re: [CentOS] Hacking Issue

2011-09-26 Thread Jorge Fábregas
On 09/26/2011 07:02 AM, Jennifer Botten wrote:
> -A INPUT -i eth0 -d 209.61.231.42 -p udp -j DROP

This needs to be:

-A OUTPUT -i eth0 -d 209.61.231.42 -p udp -j DROP

...if you want to drop packets initiated from your system to that ip...which doesn't make any sense if you're dropping all the inc