PSAD Firewall/ UDP flood?

Posted by Asad Moeen on Server Fault See other posts from Server Fault or by Asad Moeen
Published on 2012-03-16T11:19:43Z Indexed on 2012/07/10 15:18 UTC
Read the original article Hit count: 291

Filed under:

firewall

|

psad

Well I'm actually trying to block a UDP Flood on the Application port because the string "getstatus" is causing my application to make large output due to a small input to the attacker's IP.

I installed PSAD firewall to do the job.

psad -S shows 3000,000 logged packets at the application port and top ports in Scan but does not block the IP of the attacker however other IP Addresses with small number of connections are dropped. I'm thinking that since output is also being made to the attacker, this is why its not getting blocked because iptables rate-limiting is also exactly doing the same thing and not blocking the IP where outgoing connection is also made.

Any guesses why it won't work?

© Server Fault or respective owner

Related posts about firewall

Managed hosting firewall vs managing own firewall

as seen on Server Fault - Search for 'Server Fault'
I posted on stackoverflow as to the overall benefits of managed hosting vs non-managed hosting. The more I think about it, it seems to boil down to one question: should I use a managed host because they take care of the firewall, or would I be okay managing my own, software firewall? The sites… >>> More
Hardware firewall vs VMWare firewall appliance

as seen on Server Fault - Search for 'Server Fault'
We have a debate in our office going on whether it's necessary to get a hardware firewall or set up a virtual one on our VMWare cluster. Our environment consists of 3 server nodes (16 cores w/ 64 GB RAM each) over 2x 1 GB switches w/ an iSCSI shared storage array. Assuming that we would be dedicating… >>> More
Firewall behind firewall

as seen on Server Fault - Search for 'Server Fault'
I've recently changed jobs and I've been set up with a new workstation. On all previous places where I've been working they've had some sort of local firewall installed on each and every workstation - but here I've been told not to activate it because it is not necessary since we're already behind… >>> More
We have no SW Firewall behind our office HW firewall, admin says its not req'd

as seen on Server Fault - Search for 'Server Fault'
I've recently changed jobs and I've been set up with a new workstation. On all previous places where I've been working they've had some sort of local firewall installed on each and every workstation - but here I've been told not to activate it because it is not necessary since we're already behind… >>> More
Can't get FTP to work on centOS 5.6

as seen on Server Fault - Search for 'Server Fault'
Hi guys I have been trying for a few hours to install and get FTP to work... I did yum install ftp and yum install vsftpd They all installed and are running but when I try to use filezilla or some other client I just can't connect....I've tried connecting on port 21 and port 990 ....nothing! These… >>> More

Related posts about psad

PSAD Firewall/ UDP flood?

as seen on Server Fault - Search for 'Server Fault'
Well I'm actually trying to block a UDP Flood on the Application port because the string "getstatus" is causing my application to make large output due to a small input to the attacker's IP. I installed PSAD firewall to do the job. psad -S shows 3000,000 logged packets at the application port and… >>> More
What tool or scripts do you use to audit a Linux box?

as seen on Server Fault - Search for 'Server Fault'
I use the following tools for my auditing needs A) System Auditing and Hardening (One time) 1) Linux Security Auditing Tool (Security centric,Text based output ) 2) Dmidecode ( Retrieves info from BIOS ) 3) Systeminfo ( Generates a nice html report) 4) Syssumm (Inactive since Oct 2000) 5) Rootkit… >>> More
How do you make Bastille work and secure Ubuntu 12.04? It doesnt work for me `sudo bastille -x`

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I was able to install bastille from the normal repositories and then run the GUI. After going through the options and clicking OK to apply, it showed these errors. Do you know why Bastille wont work on Ubuntu 12.04? NOTE: Executing PSAD Specific Configuration NOTE: Executing File Permissions… >>> More
UNIX-Security Advise

as seen on Server Fault - Search for 'Server Fault'
Hello, I want to build a quite secure UNIX-Server. Mechanisms I already implemented: SNORT + fwsnort for banning psad to block network-scanning attempts Portknocking to start+open SSH (key-based login - no password) hourly update of IP-Tables-Rules from a Security-Subscription Fail2Ban ClamAV &… >>> More
What is causing the unusual high load average and IOwait?

as seen on Server Fault - Search for 'Server Fault'
I noticed on Tuesday night of last week, the load average went up sharply and it seemed abnormal since the traffic is small. Usually, the numbers usually average around .40 or lower and my server stuff (mysql, php and apache) are optimized. I noticed that the IOWait is unusually high even though the… >>> More