Hi
I received an email from the data center last night, and they told me "you have a huge UDP attack", and they have closed all my UDP now.
Code:
2011-02- 20:22:26 alert x.x.x.x 94.23.35.98 anomaly: udp_flood, 2281 > threshold 800, repeats 136841 times
2011-02- 17:14:07 alert x.x.x.x 46.19.136.100 anomaly: udp_flood, 1457 > threshold 800, repeats 113643
I'm running CentOS5 64bit, using APF as firewall.
I blocked these 2 IPs, and the open ports in my APF are:
Code:
# Common inbound (ingress) UDP ports
IG_UDP_CPORTS="20,21,53,"
# Common inbound (ingress) TCP ports
IG_TCP_CPORTS="21,212,25,53,80,443,110,143,2222,2525,35000_35999"
I tried rkhunter and did not find any problem.
My question: how do I find who or what is attacking me?
Then how do I prevent it?
Thanks to all.