From: /dev/rob0 <rob0@gmx.co.uk>
To: netfilter@lists.netfilter.org
Subject: Re: Ping flood
Date: Tue, 1 Nov 2005 11:19:31 -0600
Message-ID: <200511011119.31267.rob0@gmx.co.uk>
In-Reply-To: <43677BFD.3080805@darkstar.nom.za>

On Tuesday 2005-November-01 08:30, Paulo Andre wrote:
> I have the following log:
> Nov 1 09:10:40 guardian ---SA_IN--- IN=eth1 OUT=
> MAC=ff:ff:ff:ff:ff:ff:00:e0:1e:83:d5:19:08:00 SRC=64.34.170.237

Who is this?

$ host 64.34.170.237
237.170.34.64.in-addr.arpa domain name pointer server1.ircnapoli.com.
$ whois $_
Peer 1 Network Inc. PEER1-BLK-08 (NET-64-34-0-0-1)
64.34.0.0 - 64.34.255.255
ServerBeach PEER1-SERVERBEACH-02 (NET-64-34-160-0-1)
64.34.160.0 - 64.34.191.255
...
$ host server1.ircnapoli.com.
server1.ircnapoli.com has address 64.34.170.237

> DST=255.255.255.255 LEN=1072 TOS=00 PREC=0x40 TTL=243 ID=12209 DF
> PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=0

That's a broadcast ping.

> I am receiving thousands of these a day, icmp traffic is blocked with
> iptables. But still this traffic is coming up the line. Is my only

How much is a flood? Is it eating all your bandwidth?

> solution to contact the ISP or is there something I can do in
> iptables/linux?

Contact the person in charge of server1.ircnapoli.com. If you're really
under a DoS attack, by all means, call the ISP.

If it's just an annoying log message, adjust your LOG rules so that
these are not logged. You don't need netfilter logging to know when
you're under DoS attack. Your network connection won't work.

--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
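
Added example, not part of the original message: one way to put a number on "how much is a flood?" from the logs themselves. It parses netfilter LOG lines shaped like the one quoted above and reports, per source, the count and average rate of echo requests sent to 255.255.255.255; the function names, the assumed year and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

FIELD = re.compile(r"(\w+)=(\S*)")
STAMP = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s")

def parse(line, year):
    """Return (timestamp, fields) for one netfilter LOG line, or None if it has no stamp."""
    m = STAMP.match(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key, value)  # ID= appears twice (IP, then ICMP); keep the first
    # syslog stamps carry no year, so the caller supplies one (assumption)
    return datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"), fields

def broadcast_ping_load(lines, year=2005):
    """Per source: packets, IP bytes and average rate of echo requests to 255.255.255.255."""
    seen = defaultdict(lambda: {"bytes": 0, "times": []})
    for line in lines:
        parsed = parse(line, year)
        if parsed is None:
            continue
        when, f = parsed
        wanted = (f.get("PROTO"), f.get("TYPE"), f.get("DST")) == ("ICMP", "8", "255.255.255.255")
        if not wanted or "SRC" not in f or not f.get("LEN", "").isdigit():
            continue
        seen[f["SRC"]]["bytes"] += int(f["LEN"])  # LEN = IP total length, no link header
        seen[f["SRC"]]["times"].append(when)
    report = {}
    for src, s in seen.items():
        # Average over the observed window; clamp to 1 s so a single hit does not divide by 0
        span = max((max(s["times"]) - min(s["times"])).total_seconds(), 1.0)
        report[src] = {"packets": len(s["times"]), "bytes": s["bytes"],
                       "pps": len(s["times"]) / span, "bps": s["bytes"] * 8 / span}
    return report

# Constructed sample: the line quoted in the thread joined onto one line and repeated with
# constructed timestamps, plus one constructed unicast ping that must not be counted.
_TAIL = ("guardian ---SA_IN--- IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:1e:83:d5:19:08:00 "
         "SRC=64.34.170.237 DST={dst} LEN=1072 TOS=00 PREC=0x40 TTL=243 ID=12209 DF "
         "PROTO=ICMP TYPE=8 CODE=0 ID=0 SEQ=0")
SAMPLE = [f"Nov 1 {t} " + _TAIL.format(dst="255.255.255.255")
          for t in ("09:10:40", "09:10:56", "09:11:12", "09:11:44")]
SAMPLE.append("Nov 1 09:11:50 " + _TAIL.format(dst="192.0.2.10"))
```

If the LOG rule is rate-limited with the limit match, the figures are a lower bound on what actually arrived.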