Incident Report - iptables deny of http service. Doug's Rough Notes. WWW.Smythies.com
There was an attempt from 85.17.75.221 to read the entire web site. The firewall (iptables) rule set in place at the time was supposed to help in such a situation. It did the opposite: it blocked access for the desired visitors.
iptables summary.
rule set segment.
kernel log file related segment (large file, 0.5 megabytes).
all packets to/from 85.17.75.221 (large file, 0.9 megabytes).
port 80 tcpdump data for the related period (large file, 1.3 megabytes).
The proposed solution is to use the badguy detector with a carry-out table, which in effect extends the hit count.
.. Doug put new rule set here ..
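A small model of the carry-out idea, added here as an example; it is not the rule set referred to above and not code from these notes. It assumes "carry out" means two chained per-source lists in the style of the iptables recent match, where filling the first list carries one hit into the second. The class names, thresholds and traffic patterns are constructed for illustration.

```python
from collections import defaultdict, deque

# Assumption: one reading of "carry-out table"; all thresholds are made up.
class RecentList:
    """One recent-style list: the last N timestamps per source address."""
    def __init__(self, max_stamps):
        self.stamps = defaultdict(lambda: deque(maxlen=max_stamps))
    def set(self, src, now):                 # like --set
        self.stamps[src].append(now)
    def hits(self, src, now, seconds):       # like --rcheck --seconds
        return sum(1 for t in self.stamps[src] if now - t <= seconds)
    def remove(self, src):                   # like --remove
        self.stamps.pop(src, None)

class CarryDetector:
    """Two chained lists: low_hits hits in 'low' carry one hit into 'high'."""
    def __init__(self, low_hits=20, carries=10, window=60, ban=3600):
        self.low_hits, self.carries = low_hits, carries
        self.window, self.ban = window, ban
        self.low, self.high = RecentList(low_hits), RecentList(carries)
        self.banned = {}                     # src -> time last seen while banned

    def packet(self, src, now):
        """Verdict for one new connection from src at time now (seconds)."""
        if src in self.banned and now - self.banned[src] <= self.ban:
            self.banned[src] = now           # like --update: ban timer restarts
            return "DROP"
        self.low.set(src, now)
        if self.low.hits(src, now, self.window) >= self.low_hits:
            self.low.remove(src)             # reset the low counter ...
            self.high.set(src, now)          # ... and carry one hit out
            if self.high.hits(src, now, self.window) >= self.carries:
                self.banned[src] = now
                return "DROP"
        return "ACCEPT"

def replay(detector, src, times):
    return [detector.packet(src, t) for t in times]

# Constructed traffic: a crawler at 10 connections/s, and a visitor whose
# browser opens 30 connections in one second every 5 minutes.
CRAWLER = [i / 10 for i in range(400)]
VISITOR = [b * 300 + i / 30 for b in range(12) for i in range(30)]

if __name__ == "__main__":
    det = CarryDetector()
    print(replay(det, "85.17.75.221", CRAWLER).index("DROP"))  # first drop
    print(set(replay(det, "192.0.2.10", VISITOR)))
```

With these constructed numbers the effective threshold becomes low_hits × carries new connections inside the window, so the bursty visitor is never dropped while the sustained crawler is.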
References:
http://www.thatsgeeky.com/2011/02/escalating-consequences-with-iptables/