Re: how to block everything from an entire /24
Your firewall (ipchains) is denying packets. This line shows packets
coming in to the machine over eth0 from 126.96.36.199 on port 1053 (an
unprivileged port) destined for 188.8.131.52, port 80 (WWW). This would
be a normal http connection if you are running a web server on
184.108.40.206 and eth0 is the interface that connects to the Net but you
wouldn't want your firewall blocking it. If you are not running a Web
sever, this entry is a good thing.
> Apr 8 22:38:53 ickis kernel: Packet log: input DENY eth0 PROTO=6 220.127.116.11:1053
> 18.104.22.168:80 L=59 S=0x00 I=38406 F=0x4000 T=106 (#1)
These lines shows packets coming in to the machine over eth0 from
22.214.171.124 on ports 1076 and 1077(unprivledged) destined for
126.96.36.199, ports 31 and 33 which are unassigned. There is no valid
reason that someone should be trying to connect to these ports!
> Apr 8 22:38:54 ickis kernel: Packet log: input DENY eth0 PROTO=6 188.8.131.52:1076
> 184.108.40.206:31 L=48 S=0x00 I=38662 F=0x4000 T=106 SYN (#1)
> Apr 8 22:38:54 ickis kernel: Packet log: input DENY eth0 PROTO=6 220.127.116.11:1077
> 18.104.22.168:33 L=48 S=0x00 I=38918 F=0x4000 T=106 SYN (#1)
Since you show packets coming from the same IP to numerous ports
(including ports that *no one* should be trying to connect to) I'd guess
that your machine is being probed for security holes.
The above lines (by themselves) will not drive your load average up
(unless there are thousands of them). If I had to guess I'd say that
someone found a security hole on your system, or at least attempted to
You need to *quickly* get a good book on using ipchains and set up a
firewall. If you don't understand firewalling (which is what it sounds
like but that's OK we've all been there) doing it without guidance can
be basically useless.
> and also, how do i block out everything coming from 22.214.171.124/24?
ipchains -A input -i eth0 -s 126.96.36.199/24 -j DENY -l
ipchains -A output -i eth0 -d 188.8.131.52/24 -j DENY -l
To understand what is going on with a high load average try running top
for a snapshot of what is going on.
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting