[nylug-talk] Help: Under Attack! (SYN flood)
Chris Knadle
Chris.Knadle at coredump.us
Mon Nov 5 17:30:50 EST 2007
On Monday 05 November 2007, Peter C. Norton wrote:
> On Mon, Nov 05, 2007 at 04:56:23PM -0500, Chris Knadle wrote:
> > On Monday 05 November 2007, Peter C. Norton wrote:
> > > On Sun, Nov 04, 2007 at 01:19:02AM -0400, Chris Knadle wrote:
> > > > On Saturday 03 November 2007, Joachim Stahl wrote:
> > > > > I'm just confused as to why tcpdump still shows it.
> > > >
> > > > You need to run tcpdump with the -p option, otherwise it will put
> > > > the ethernet device into promiscuous mode and thus you'll see
> > > > everything rather than only what makes it through iptables.
> > >
> > > To clarify this, tcpdump is trying to show you what the bits on the
> > > wire are, and not what your kernel has filtered out vs. what passes
> > > through.
> >
> > I've been running some tests and I think you're right. But if that's
> > indeed the case, then how can one watch iptables block packets? Is
> > setting iptables to log the only choice?
>
> If you don't want to log, just watch the counters in iptables
> (eg. with -v -L).
Agh! Sure enough.
Thanks for correcting me on both of these things.
Joe -- sorry if I unintentionally misled you.
-- Chris
--
Chris Knadle
Chris.Knadle at coredump.us
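
The counter-watching approach suggested in the thread (`iptables -v -L`), as an added example that is not part of the original messages: it diffs two saved listings and reports how many packets each DROP/REJECT rule matched in between. The function name `drop_deltas`, the extra `-n -x` flags (numeric addresses, exact counters) and both sample snapshots are assumptions constructed for illustration.

```shell
# Constructed sample snapshots, as if saved a few seconds apart with:
#   iptables -v -n -x -L > before; sleep 10; iptables -v -n -x -L > after
sample_before() { cat <<'EOF'
Chain INPUT (policy ACCEPT 900 packets, 72000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120     7200 DROP       tcp  --  eth0   *       192.0.2.0/24         0.0.0.0/0            tcp dpt:80
     300    24000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
      10      600 DROP       all  --  *      *       198.51.100.7         0.0.0.0/0
EOF
}
sample_after() { cat <<'EOF'
Chain INPUT (policy ACCEPT 950 packets, 76000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    4320   259200 DROP       tcp  --  eth0   *       192.0.2.0/24         0.0.0.0/0            tcp dpt:80
     310    24800 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
      10      600 DROP       all  --  *      *       198.51.100.7         0.0.0.0/0
EOF
}

# drop_deltas BEFORE AFTER
# Prints "chain rule-number target packets-since-BEFORE source" for every
# DROP/REJECT rule whose packet counter grew between the two listings.
drop_deltas() {
    awk '
        BEGIN { pass = 1 }
        $1 == "Chain" { chain = $2; idx = 0; next }  # new chain: restart rule numbering
        NF == 0 || $1 == "pkts" { next }             # blank and column-header lines
        {
            key = chain ":" (++idx)                  # rules are keyed by chain and position
            if (pass == 1) { seen[key] = $1; next }  # first listing: remember the counter
            if ($3 != "DROP" && $3 != "REJECT") next
            d = $1 - seen[key]
            if (d < 0) d = $1                        # counters were zeroed in between
            if (d > 0) print chain, idx, $3, d, $8
        }
    ' "$1" pass=2 "$2"
}

demo() {
    tmp=$(mktemp -d) || return 1
    sample_before > "$tmp/before"
    sample_after > "$tmp/after"
    drop_deltas "$tmp/before" "$tmp/after"
    rm -rf "$tmp"
}
demo
```

Rules are matched by position, so the comparison is only meaningful if the ruleset was not edited between the two listings.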