Re: Help: network abuse
On Thu, Dec 21, 2023 at 10:31:06AM -0500, Pocket wrote:

> All you should be seeing is scans which you can not prevent.

I am looking at incoming packets with tcpdump. This sees packets *before* they
are filtered by iptables.

> What are you using for a firewall?

Something hand rolled. Reasonably complicated (over 300 rules) as it deals
with: internet, VPN, DMZ, internal network for virtual machines.
It is NOT a firewall issue.

> It is my belief that your firewall is NOT set up correctly and that is why
> you are seeing the traffic.

My firewall *cannot* deal with packets before they hit my machine. They only
hit my machine after they have arrived over broadband.
The only thing that I might be able to do is to somehow prevent discovery that my
machine is listening on port 80 -- that would mean somehow distinguishing
between a genuine visitor and one that is mapping the Internet to later pass
that map somewhere else which generates the unwanted traffic that I see.

> Amazon AWS system. should not be able to hit your http server, unless you
> want it to.

How do I distinguish between wanted & unwanted connections? The only thing that
I can think of is to DROP incoming packets if the source port is 80 or 443 -
which would disrupt the mapping process.
However: if the mapping process uses normal TCP (i.e. high/random port number)
this would do little.

--
Alain Williams
Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 https://www.phcomp.co.uk/
Parliament Hill Computers. Registration Information: https://www.phcomp.co.uk/Contact.html
#include <std_disclaimer.h>
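
Added example (not part of the original message or thread): one way to check from a tcpdump capture how much of the inbound SYN traffic to port 80 a "DROP if source port is 80 or 443" rule would actually catch, versus SYNs arriving from ordinary high/random ports. The sample lines, addresses and function names are constructed for illustration and assume `tcpdump -nn` text output.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -nn 'tcp dst port 80'` output (documentation addresses).
SAMPLE = """\
10:31:06.100001 IP 203.0.113.5.80 > 192.0.2.10.80: Flags [S], seq 1, win 1024, length 0
10:31:06.100002 IP 203.0.113.5.443 > 192.0.2.10.80: Flags [S], seq 2, win 1024, length 0
10:31:07.200001 IP 198.51.100.7.51514 > 192.0.2.10.80: Flags [S], seq 3, win 64240, length 0
10:31:07.200002 IP 198.51.100.7.51514 > 192.0.2.10.80: Flags [.], ack 1, win 502, length 0
10:31:08.300001 IP 198.51.100.9.40022 > 192.0.2.10.80: Flags [S], seq 4, win 64240, length 0
10:31:09.400001 IP 203.0.113.8.443 > 192.0.2.10.80: Flags [S], seq 5, win 1024, length 0
"""

# src_ip.src_port > dst_ip.dst_port: Flags [..]
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def classify_syns(text, listen_port=80, suspect_src_ports=(80, 443)):
    """Count connection-opening SYNs to listen_port, split by source-port class."""
    counts = Counter()
    sources = {"suspect": set(), "ephemeral": set()}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an IPv4 TCP line in the expected format
        src, sport, _dst, dport, flags = m.groups()
        # Only pure SYNs (new connection attempts) to the listening port count.
        if int(dport) != listen_port or flags != "S":
            continue
        kind = "suspect" if int(sport) in suspect_src_ports else "ephemeral"
        counts[kind] += 1
        sources[kind].add(src)
    return counts, sources

def drop_rule_coverage(text):
    """Fraction of inbound SYNs that a source-port 80/443 DROP rule would match."""
    counts, _ = classify_syns(text)
    total = sum(counts.values())
    return counts["suspect"] / total if total else 0.0

if __name__ == "__main__":
    counts, sources = classify_syns(SAMPLE)
    print(dict(counts), {k: sorted(v) for k, v in sources.items()})
    print(f"source-port rule would match {drop_rule_coverage(SAMPLE):.0%} of SYNs")
```

A low coverage figure on a real capture corresponds to the caveat in the message: probes sent from high/random source ports are not touched by such a rule.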