From: "Neil Wilson" <neil@dcdata.co.za>
To: linux-ppp@vger.kernel.org
Subject: pppd Filtering
Date: Fri, 10 Sep 2004 09:10:01 +0000 [thread overview]
Message-ID: <0bb901c49715$f4272510$0300a8c0@neilw> (raw)
Hi Guys,
I have been trying to solve a problem with a server staying online and not
disconnecting, because activity is keeping the link up.
The activity from the /var/log/messages is "IN=ppp0 OUT= MACSRC\x155.239.185.193 DST\x155.239.198.170 LENH TOS=0x00 PREC=0x00 TTL\x123
IDI468 DF PROTO=TCP SPT\x1919 DPTD5 WINDOW‡60 RES=0x00 SYN URGP=0"
As far as I am aware this is activity cause by the Sasser worm trying to get
into my network, and it is getting blocked by the firewall.
I have tried using ppp filtering to stop these,with the line 'active-filter
"not port 445"' in the options.demand file, but this has made no difference.
I have also tried using different syntax's, including adding "inbound" or
"outbound", and I get the following error. "pppd: error in active-filter
expression: inbound/outbound not supported on linktype 0"
Please could someone help me in filtering this activity, so that my server
disconnects when it is supposed to.
I am running slackware 10, with ppp filtering compiled in the kernel by
default, and pppd has the filter option enable also by default.
My idle time is set to 120 in my options.demand file.
Many thanks in advance!
Neil Wilson
next reply other threads:[~2004-09-10 9:10 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-10 9:10 Neil Wilson [this message]
2004-09-10 20:43 ` pppd Filtering Clifford Kite
2004-09-14 21:18 ` Gilles Espinasse
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='0bb901c49715$f4272510$0300a8c0@neilw' \
--to=neil@dcdata.co.za \
--cc=linux-ppp@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.