PSAD Firewall/ UDP flood?
Posted
by
Asad Moeen
on Server Fault
See other posts from Server Fault
or by Asad Moeen
Published on 2012-03-16T11:19:43Z
Indexed on
2012/07/10
15:18 UTC
Read the original article
Hit count: 324
Well I'm actually trying to block a UDP Flood on the Application port because the string "getstatus" is causing my application to make large output due to a small input to the attacker's IP.
I installed PSAD firewall to do the job.
psad -S shows 3000,000 logged packets at the application port and top ports in Scan but does not block the IP of the attacker however other IP Addresses with small number of connections are dropped. I'm thinking that since output is also being made to the attacker, this is why its not getting blocked because iptables rate-limiting is also exactly doing the same thing and not blocking the IP where outgoing connection is also made.
Any guesses why it won't work?
© Server Fault or respective owner