Drop probe ip by iptables

jason — Mon, 24 Oct 2011 13:12:16 +0000

Modify crontab

* * * * * root /home/cnscn/sh/ssh_scan_crontab.sh >/dev/null 2>&1

ssh_scan_crontab.sh script

$ cat /home/cnscn/sh/ssh_scan_crontab.sh

#!/bin/bash

# Author http://jabin.cublog.cn

# Modify cnscn http://cnscn2008.cublog.cn

# Modify xinyv

#set timezone

export LC_ALL=UTC

# gather 1 minutes log from secure，count and drop it by iptables

SCANNER=$(awk 'BEGIN{ tm=strftime("%b %e %H:%M",systime()-60);}  $0 ~ tm && /Failed password/ && /ssh2/ {print $(NF-3)}' /var/log/secure |sort|uniq -c |awk '{print $1"="$2;}')

… Read the rest

Iptables ip_conntrack table set-up and tunning for high load UDP traffic

jason — Tue, 02 Mar 2010 10:55:09 +0000

If you run a busy DNS server or any other service that uses a lot of UDP traffic, it’s possible that your default Iptable conntrack sessions (connection tracking entries in kernel memory) settings are too low and netfilter is unable to track all your sessions.

The error is usually something like this:

Sep 10 12:53:44 hostname01 kernel: ip_conntrack: table full, dropping packet.

You need to tune sysctl net.ipv4.ip_conntrack_max value, let’s say increase it twice or more times and see if you still get the error messages on the console or syslog.

Depending on your OS, the formula for calculating the… Read the rest

GO IT WORLD | IT TECH | IT NEWS » iptables

Drop probe ip by iptables

Iptables ip_conntrack table set-up and tunning for high load UDP traffic