  #11  
Old 14th February 2006, 09:46
Ovidiu

@till
Nothing noticeable in the logfiles, nor in their size; that's why I was asking for help with logging...

@falko
I have had another attack these days. The peaks I am talking about are the green ones; that's incoming traffic. The red ones are indeed the nightly backups, which indicate outgoing traffic.

These attacks did not do any harm; the server is still available, as I found out by chance. The last attack was registered at midnight, but Strato only cut off my server the next day at lunch, so I was able to see what happened: the server load went up to 12 and more, still everything was functional, the DoS did not succeed. To me it looks like the attacking server was not powerful enough?

Yet Strato does not like these attacks and threatened to cancel my contract if there are any more occurrences. So I need logging to file abuse complaints about the originating server.
  #12  
Old 14th February 2006, 10:50
till

Did you have a look at Bastille for logging?

/etc/Bastille/bastille-firewall.cfg

There are some options that might help you:

Quote:
# 12) Logging (all systems)
# With this enabled, ipchains will log all blocked packets.
# ** this could generate huge logs **
# This is primarily intended for the port monitoring system;
# also note that you probably do not want to "AUDIT" any services
# that you are not allowing, as doing so would mean duplicate
# logging
LOG_FAILURES="N" # do not log blocked packets

# 13) Block fragmented packets (all systems)
# There's no good reason to allow these
#ALLOW_FRAGMENTS="N" # safest
ALLOW_FRAGMENTS="Y" # old behavior

# 14) Prevent SMB broadcasts from leaking out NAT setup (all systems)
# Windows machines will poll the net with SMB broadcasts,
# basically advertising their existence. Most folks agree
# that this traffic should be dropped
#DROP_SMB_NAT_BCAST="N" # allow them (are you sure?)
DROP_SMB_NAT_BCAST="Y" # drop those packets

# 15) Log level (iptables/netfilter/Linux 2.4 only)
# Control what level of logging is used when the firewall logs
# information. Default is warning (4). Lowest priority is
# debug (7); highest is emergency (0). To prevent syslog
# from copying iptables error messages to the console, set
# this to 6 (7 would also work, but 6 is recommended)
# You can also stop syslogd/klogd from printing kernel
# messages to the console by issuing the command
# setterm -msg off
#IP_LOG_LEVEL=6 # level used in 2.2/ipchains
IP_LOG_LEVEL=4 # iptables/netfilter default

# 16) Always attempt to use stateful features for inbound connections
# Always using state will allow the firewall to reject invalid
# packets sent to otherwise open TCP services, e.g. XMAS, NULL
# and SYN/FIN scans. The downside to choosing this behavior is that
# services may become unreachable if the packet filter's state
# table becomes full.
IP_ALWAYS_USE_STATE="N" # default, ensures services remain available
#IP_ALWAYS_USE_STATE="Y" # disallow invalid packets
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
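
Added example, not part of the thread or of Bastille: once blocked packets are being logged, a short script can condense the kernel log into a per-source summary to attach to an abuse complaint. It assumes the entries are in the standard netfilter LOG format (SRC=, DST=, PROTO=, DPT= fields); the sample lines are constructed and use documentation address ranges.

```python
import re
from collections import defaultdict

# Constructed sample: kernel lines in the standard netfilter LOG format,
# using documentation address ranges (not real hosts).
SAMPLE_LOG = """\
Feb 14 00:00:01 srv kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=80 SYN URGP=0
Feb 14 00:00:01 srv kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=80 SYN URGP=0
Feb 14 00:00:02 srv kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=78 TTL=110 PROTO=UDP SPT=137 DPT=137
Feb 14 00:00:03 srv kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40003 DPT=443 SYN URGP=0
Feb 14 00:00:04 srv sshd[812]: Accepted publickey for admin from 192.0.2.50
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")           # KEY=value tokens
STAMP_RE = re.compile(r"^\w{3}\s+\d+\s+\d\d:\d\d:\d\d")  # syslog timestamp

def parse_line(line):
    """Return the fields of one firewall log line, or None for other lines."""
    if "SRC=" not in line or "DST=" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    stamp = STAMP_RE.match(line)
    fields["TIME"] = stamp.group(0) if stamp else "unknown"
    return fields

def summarize(lines):
    """Group blocked packets by source address, busiest source first."""
    per_src = defaultdict(
        lambda: {"packets": 0, "first": None, "last": None, "targets": set()})
    for line in lines:
        f = parse_line(line)
        if f is None:
            continue
        s = per_src[f["SRC"]]
        s["packets"] += 1
        s["first"] = s["first"] or f["TIME"]   # lines arrive in time order
        s["last"] = f["TIME"]
        s["targets"].add((f.get("PROTO", "?"), f.get("DPT", "-")))
    return sorted(per_src.items(), key=lambda kv: kv[1]["packets"], reverse=True)

def report(lines):
    """One text line per source: count, time window, protocol/port targets."""
    out = []
    for src, s in summarize(lines):
        targets = ", ".join(f"{p}/{d}" for p, d in sorted(s["targets"]))
        out.append(f"{src}: {s['packets']} blocked packets, "
                   f"{s['first']} to {s['last']}, targets {targets}")
    return out

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG.splitlines())))
```

Which file the kernel messages end up in depends on the syslog configuration of the host, so the log path is left to the reader.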