SYN-FLOOD to LDAPS port from clients

Crucificator crucificator at home.ro
Mon May 31 08:37:16 UTC 2004


Pete Nesbitt wrote:

>On May 24, 2004 07:09 pm, Ryan Golhar wrote:
>  
>
>>I'm running an LDAP server to authenticate users using secure ldap on
>>port 636 -- standard port.  The client access the server and I get the
>>following messages on server from the firewall:
>>
>>May 23 04:02:10 myserver kernel: SYN-FLOOD: IN=eth0 OUT=
>>MAC=00:07:e9:ac:2a:22:00:04:c1:55:a7:c2:08:00 SRC=192.168.10.122
>>DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=31600 DF PROTO=TCP
>>SPT=36082 DPT=636 WINDOW=5840 RES=0x00 SYN URGP=0
>>
>>I get these quite frequently from each client.  My iptables firewall
>>rule is as follows:
>>
>>On the input chain:
>>-A LINWIZ-INPUT -p tcp -m tcp --syn -j SYN-FLOOD
>>
>>On the SYN-FLOOD chain:
>>-A SYN-FLOOD -m limit --limit 1/s --limit-burst 4 -j RETURN
>>-A SYN-FLOOD -j LOG --log-prefix "SYN-FLOOD: "
>>-A SYN-FLOOD -j DROP
>>
>>Are my rules incorrect, or is it truly ldap clients flooding the server?
>>
>>-----
>>Ryan Golhar
>>Computational Biologist
>>The Informatics Institute at
>>The University of Medicine & Dentistry of NJ
>>
>>Phone: 973-972-5034
>>Fax: 973-972-7412
>>Email: golharam at umdnj.edu
>>    
>>
>
>
>Hi Ryan,
>What other rules are in place? 
>Can you either post your iptables script or else the output of "iptables -L"?
>
>Are the clients successfully connecting/authenticating?
>  
>
I think you should add the match established & related rule
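To see why the chain quoted above logs legitimate clients, it helps to replay some connection attempts through the `-m limit --limit 1/s --limit-burst 4` match. The following is an added example written for this archive page, not code posted by anyone in the thread: it models the limit match as an idealised token bucket (the kernel module keeps integer credits, but at this granularity the behaviour is the same), feeds it a constructed burst of LDAPS SYNs from three hypothetical clients, and then runs the same burst through a per-source bucket, which is what the `hashlimit` match with `--hashlimit-mode srcip` provides. The client addresses, timestamps and the abbreviated log format are all constructed for the example.

```python
"""Token-bucket model of the iptables `limit` match in the SYN-FLOOD chain.

Constructed example: not code from the thread. It replays a burst of LDAPS
connection attempts through (a) one bucket shared by all clients, as in the
quoted rules, and (b) one bucket per source address (hashlimit semantics).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class LimitMatch:
    """`-m limit --limit RATE --limit-burst BURST` as an idealised token bucket."""
    rate: float                       # tokens refilled per second (--limit 1/s)
    burst: int                        # bucket capacity (--limit-burst 4)
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst)   # the bucket starts full

    def match(self, now: float) -> bool:
        """True while a token is available (packet is within the limit)."""
        refill = (now - self.last) * self.rate
        self.tokens = min(float(self.burst), self.tokens + refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


# A SYN event is (timestamp in seconds, source IP).
Syn = Tuple[float, str]

# Constructed sample: three clients, each opening three LDAPS connections,
# interleaved 100 ms apart. Addresses are hypothetical.
CLIENTS = ["192.168.10.122", "192.168.10.123", "192.168.10.124"]


def sample_syns() -> List[Syn]:
    return [(i * 0.1, CLIENTS[i % len(CLIENTS)]) for i in range(9)]


def log_line(src: str, dst: str = "192.168.10.2", dpt: int = 636) -> str:
    """Abbreviated form of the kernel LOG output quoted in the thread."""
    return f"SYN-FLOOD: IN=eth0 OUT= SRC={src} DST={dst} PROTO=TCP DPT={dpt} SYN"


def run_global_chain(syns: List[Syn], rate: float = 1.0,
                     burst: int = 4) -> Tuple[int, List[str]]:
    """The thread's chain: one bucket for every SYN that reaches SYN-FLOOD.

    Returns (number of SYNs that hit -j RETURN, log lines for the dropped ones).
    """
    bucket = LimitMatch(rate, burst)
    accepted, logs = 0, []
    for t, src in syns:
        if bucket.match(t):
            accepted += 1                 # -j RETURN
        else:
            logs.append(log_line(src))    # -j LOG, then -j DROP
    return accepted, logs


def run_per_source_chain(syns: List[Syn], rate: float = 1.0,
                         burst: int = 4) -> Tuple[int, List[str]]:
    """Same rate and burst, but one bucket per source address.

    This is the behaviour of `-m hashlimit --hashlimit-mode srcip`: a single
    busy or hostile client exhausts only its own bucket.
    """
    buckets: Dict[str, LimitMatch] = {}
    accepted, logs = 0, []
    for t, src in syns:
        bucket = buckets.setdefault(src, LimitMatch(rate, burst))
        if bucket.match(t):
            accepted += 1
        else:
            logs.append(log_line(src))
    return accepted, logs


if __name__ == "__main__":
    syns = sample_syns()
    ok, dropped = run_global_chain(syns)
    print(f"global limit : {ok} accepted, {len(dropped)} logged+dropped")
    for line in dropped:
        print("  " + line)
    ok, dropped = run_per_source_chain(syns)
    print(f"per-source   : {ok} accepted, {len(dropped)} logged+dropped")
```

With the shared bucket, the first four SYNs use up the burst and the fifth arrives only 0.4 s later, when less than one token has been refilled, so five of nine ordinary connection attempts are logged as SYN-FLOOD and dropped even though no single client exceeded one connection per 300 ms. With a bucket per source, every attempt is accepted, because each client's own bucket never drops below one token at this pace.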





More information about the redhat-list mailing list