14th February 2006, 10:46
Ovidiu

Nothing noticeable in the logfiles, nor in their size; that's why I was asking for help with logging...

I have had another attack these days; the peaks I am talking about are the green ones, that's incoming traffic. The red ones are indeed the nightly backups, which indicates outgoing traffic.

These attacks did not do any harm; the server is still available, as I found out by chance. The last attack was registered at midnight, but Strato only cut off my server the next day at lunch, so I was able to see what happened: the server load went up to 12 and more, still everything was functional, the DoS did not succeed. To me it looks like the attacking server was not powerful enough?

Yet Strato does not like these attacks and threatened to cancel my contract if there are any more occurrences. So I need logging to file abuse complaints about the originating server.

14th February 2006, 11:50
till

Did you have a look at Bastille for logging?


There are some options that might help you:

# 12) Logging (all systems)
# With this enabled, ipchains will log all blocked packets.
# ** this could generate huge logs **
# This is primarily intended for the port monitoring system;
# also note that you probably do not want to "AUDIT" any services
# that you are not allowing, as doing so would mean duplicate
# logging
LOG_FAILURES="N" # do not log blocked packets

# 13) Block fragmented packets (all systems)
# There's no good reason to allow these
ALLOW_FRAGMENTS="Y" # old behavior

# 14) Prevent SMB broadcasts from leaking out NAT setup (all systems)
# Windows machines will poll the net with SMB broadcasts,
# basically advertising their existence. Most folks agree
# that this traffic should be dropped
#DROP_SMB_NAT_BCAST="N" # allow them (are you sure?)
DROP_SMB_NAT_BCAST="Y" # drop those packets

# 15) Log level (iptables/netfilter/Linux 2.4 only)
# Control what level of logging is used when the firewall logs
# information. Default is warning (4). Lowest priority is
# debug (7); highest is emergency (0). To prevent syslog
# from copying iptables error messages to the console, set
# this to 6 (7 would also work, but 6 is recommended)
# You can also stop syslogd/klogd from printing kernel
# messages to the console by issuing the command
# setterm -msg off
#IP_LOG_LEVEL=6 # level used in 2.2/ipchains
IP_LOG_LEVEL=4 # iptables/netfilter default

# 16) Always attempt to use stateful features for inbound connections
# Always using state will allow the firewall to reject invalid
# packets sent to otherwise open TCP services, e.g. XMAS, NULL
# and SYN/FIN scans. The downside to choosing this behavior is that
# services may become unreachable if the packet filter's state
# table becomes full.
IP_ALWAYS_USE_STATE="N" # default, ensures services remain available
#IP_ALWAYS_USE_STATE="Y" # disallow invalid packets
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
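
One way to turn the blocked-packet log into material for an abuse complaint, added here as an example (not part of either post and not Bastille's own code): it groups logged packets by source address with first and last timestamps. It assumes the entries land in syslog in the kernel's netfilter LOG format; the sample lines and addresses are constructed, and `summarize` and `report` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample: abbreviated syslog lines in netfilter LOG format.
# Addresses are from the documentation ranges, not real hosts.
SAMPLE_LOG = """\
Feb 13 23:58:01 server kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=52 PROTO=TCP SPT=40001 DPT=80 SYN
Feb 13 23:58:01 server kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TTL=52 PROTO=TCP SPT=40002 DPT=80 SYN
Feb 13 23:58:02 server sshd[811]: Accepted publickey for admin
Feb 13 23:58:02 server kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=48 PROTO=TCP SPT=51515 DPT=25 SYN
Feb 13 23:58:03 server kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")               # KEY=value pairs, value may be empty
STAMP = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s")     # e.g. "Feb 13 23:58:01"


def summarize(log_text):
    """Group logged packets by source address."""
    sources = defaultdict(
        lambda: {"packets": 0, "first": None, "last": None, "targets": set()}
    )
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        stamp = STAMP.match(line)
        if "SRC" not in fields or not stamp:
            continue  # not a firewall log entry
        entry = sources[fields["SRC"]]
        entry["packets"] += 1
        entry["first"] = entry["first"] or stamp.group(1)
        entry["last"] = stamp.group(1)
        # ICMP entries carry no DPT field, so fall back to "-"
        entry["targets"].add(f"{fields.get('PROTO', '?')}/{fields.get('DPT', '-')}")
    return dict(sources)


def report(log_text, min_packets=2):
    """One line per source with at least min_packets entries, busiest first."""
    rows = sorted(summarize(log_text).items(), key=lambda kv: -kv[1]["packets"])
    return [
        f"{src} packets={e['packets']} first='{e['first']}' "
        f"last='{e['last']}' targets={','.join(sorted(e['targets']))}"
        for src, e in rows
        if e["packets"] >= min_packets
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Syslog timestamps carry no year or time zone, so the server's time zone has to be stated separately in the complaint.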