[nylug-talk] Help: Under Attack! (SYN flood)
Chris Knadle
Chris.Knadle at coredump.us
Mon Nov 5 16:56:23 EST 2007
On Monday 05 November 2007, Peter C. Norton wrote:
> On Sun, Nov 04, 2007 at 01:19:02AM -0400, Chris Knadle wrote:
> > On Saturday 03 November 2007, Joachim Stahl wrote:
> > > I'm just confused as to why tcpdump still shows it.
> >
> > You need to run tcpdump with the -p option, otherwise it will put the
> > ethernet device into promiscuous mode and thus you'll see everything
> > rather than only what makes it through iptables.
>
> To clarify this, tcpdump is trying to show you what the bits on the
> wire are, and not what your kernel has filtered out vs. what passes
> through.
I've been running some tests and I think you're right. But if that's
indeed the case, then how can one watch iptables block packets? Is setting
iptables to log the only choice?
-- Chris
--
Chris Knadle
Chris.Knadle at coredump.us
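Added example, not part of the thread: one way to watch what the LOG target records is to parse the kernel log lines it writes. This script (constructed sample lines, an assumed prefix of "IPT-SYN: " and documentation-range addresses) counts logged TCP SYNs per source so a flood source stands out.

```python
import re
from collections import Counter

# Constructed sample kernel log lines, in the format the iptables LOG target
# writes when a rule such as
#   iptables -A INPUT -p tcp --syn -j LOG --log-prefix "IPT-SYN: "
# precedes the matching DROP rule. Prefix and addresses are assumptions.
SAMPLE_LOG = """\
Nov  5 16:56:01 gw kernel: IPT-SYN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=40001 DPT=80 SYN URGP=0
Nov  5 16:56:01 gw kernel: IPT-SYN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=2 DF PROTO=TCP SPT=40002 DPT=80 SYN URGP=0
Nov  5 16:56:02 gw kernel: eth0: link is up
Nov  5 16:56:02 gw kernel: IPT-SYN: IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 LEN=60 TTL=60 ID=9 DF PROTO=TCP SPT=51000 DPT=22 SYN URGP=0
Nov  5 16:56:03 gw kernel: IPT-SYN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=3 DF PROTO=TCP SPT=40003 DPT=80 SYN URGP=0
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_ipt_line(line, prefix="IPT-SYN: "):
    """Return the KEY=VALUE fields and bare flags (DF, SYN, ...) of one
    LOG line, or None if the line does not carry the expected prefix."""
    idx = line.find(prefix)
    if idx < 0:
        return None
    body = line[idx + len(prefix):]
    fields = dict(FIELD_RE.findall(body))
    # Tokens without '=' are flags such as DF or the TCP flag names.
    fields["flags"] = {tok for tok in body.split() if "=" not in tok}
    return fields


def syn_sources(log_text, prefix="IPT-SYN: "):
    """Count logged TCP SYN packets per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_ipt_line(line, prefix)
        if rec and rec.get("PROTO") == "TCP" and "SYN" in rec["flags"]:
            counts[rec["SRC"]] += 1
    return counts


def flag_flooders(counts, threshold):
    """Sources whose logged SYN count reaches the threshold, sorted."""
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    per_src = syn_sources(SAMPLE_LOG)
    print(per_src)
    print("over threshold:", flag_flooders(per_src, 3))
```

On a live box the same functions can be fed from the kernel log (dmesg or /var/log/kern.log) instead of the constructed sample.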