Re: SYN-FLOOD to LDAPS port from clients

From: Crucificator (crucificator_at_home.ro)
Date: 05/31/04

  • Next message: Alexey Fadyushin: "Re: Automatically assigning user quotas"

    Date: Mon, 31 May 2004 11:37:16 +0300
    To: General Red Hat Linux discussion list <redhat-list@redhat.com>

    Pete Nesbitt wrote:

    >On May 24, 2004 07:09 pm, Ryan Golhar wrote:
    >
    >
    >>I'm running an LDAP server to authenticate users using secure ldap on
    >>port 636 -- standard port. The client access the server and I get the
    >>following messages on server from the firewall:
    >>
    >>May 23 04:02:10 myserver kernel: SYN-FLOOD: IN=eth0 OUT=
    >>MAC=00:07:e9:ac:2a:22:00:04:c1:55:a7:c2:08:00 SRC=192.168.10.122
    >>DST=192.168.10.2 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=31600 DF PROTO=TCP
    >>SPT=36082 DPT=636 WINDOW=5840 RES=0x00 SYN URGP=0
    >>
    >>I get these quite frequently from each client. My iptables firewall
    >>rule is as follows:
    >>
    >>On the input chain:
    >>-A LINWIZ-INPUT -p tcp -m tcp --syn -j SYN-FLOOD
    >>
    >>On the SYN-FLOOD chain:
    >>-A SYN-FLOOD -m limit --limit 1/s --limit-burst 4 -j RETURN
    >>-A SYN-FLOOD -j LOG --log-prefix "SYN-FLOOD: "
    >>-A SYN-FLOOD -j DROP
    >>
    >>Are my rules incorrect, or is it truly ldap clients flooding the server?
    >>
    >>-----
    >>Ryan Golhar
    >>Computational Biologist
    >>The Informatics Institute at
    >>The University of Medicine & Dentistry of NJ
    >>
    >>Phone: 973-972-5034
    >>Fax: 973-972-7412
    >>Email: golharam@umdnj.edu
    >>
    >>
    >
    >
    >Hi Ryan,
    >What other rules are in place?
    >Can you either post your iptables script or else the output of "iptables -L"?
    >
    >Are the clients successfully connecting/authenticating?
    >
    >
    I think you should add the match established & related rule.

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
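Editor's note, added after the thread (this is not code from any of the posters). Two properties of Ryan's ruleset are worth checking before concluding that the clients are flooding anything. First, `-p tcp --syn -j SYN-FLOOD` sends every SYN arriving at the host, for every service, through a single `-m limit --limit 1/s --limit-burst 4` bucket: that is one shared token bucket of capacity 4 refilled at one token per second, so any five new connections within a second, from any mix of clients, drop the fifth. Second, a state-match rule for ESTABLISHED,RELATED, however sensible as a general rule, will not exempt these packets, since each SYN in the log is the first packet of a new connection and is therefore NEW. The script below, with a constructed trace in the same LOG-line format the post shows, replays SYNs through (a) the global bucket Ryan configured and (b) one bucket per source address, the behaviour `-m hashlimit --hashlimit-mode srcip` gives (exact option names vary between iptables versions). Everything in the trace (addresses other than the two in the post, ports, the `SYN-IN:` prefix standing in for a LOG rule placed before the limit) is constructed.

```python
#!/usr/bin/env python3
"""Replay LDAPS SYNs through an iptables-style `-m limit` token bucket.

Added example, not from the mailing-list thread.  Ryan's chain applies one
global bucket (--limit 1/s --limit-burst 4) to every SYN the host receives.
This replays a constructed trace through that policy and through a
per-source-address policy (what `-m hashlimit --hashlimit-mode srcip` does)
and reports which SYNs each would have logged and dropped.

Assumptions: the trace is constructed; every line in it is a SYN that reached
INPUT (the input to the limit rule, not the output of Ryan's LOG rule); syslog
timestamps have one-second resolution, so SYNs in the same second count as
simultaneous.
"""
import re
from collections import defaultdict
from datetime import datetime

# Field layout copied from the LOG line in the post; only TCP lines match.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: .*"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .* PROTO=TCP SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)"
)
EPOCH = datetime(1900, 1, 1)  # syslog omits the year; only time differences matter


def parse_syn(line):
    """Return (seconds, src, spt, dpt) for one kernel LOG line, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"].replace("  ", " "), "%b %d %H:%M:%S")
    return (ts - EPOCH).total_seconds(), m["src"], int(m["spt"]), int(m["dpt"])


class TokenBucket:
    """Model of xt_limit: `burst` tokens to start, refilled at `rate` per second."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), None

    def allow(self, t):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= 1:
            self.tokens -= 1
            return True  # -m limit matches -> RETURN in Ryan's chain
        return False     # falls through to LOG and DROP


def replay(lines, policy):
    """Run each SYN through `policy` ("global" or "per-src"); list (src, spt, verdict)."""
    buckets = defaultdict(lambda: TokenBucket(rate=1.0, burst=4))
    out = []
    for line in lines:
        rec = parse_syn(line)
        if rec is None:
            continue
        t, src, spt, _dpt = rec
        key = src if policy == "per-src" else "*"   # "*" = one bucket for everyone
        out.append((src, spt, "RETURN" if buckets[key].allow(t) else "LOG+DROP"))
    return out


def dropped(lines, policy):
    """(src, spt) of every SYN the policy would have logged and dropped."""
    return [(s, p) for s, p, v in replay(lines, policy) if v != "RETURN"]


def drops_per_source(log_lines):
    """For real SYN-FLOOD: lines (only the dropped SYNs), count drops per source.
    A few per known client points at the limit; many sources or source ports
    points at an actual flood."""
    counts = defaultdict(int)
    for line in log_lines:
        rec = parse_syn(line)
        if rec:
            counts[rec[1]] += 1
    return dict(counts)


def syn_line(ts, src, spt, dpt=636):
    """Constructed LOG line; MAC, ID and the SYN-IN: prefix are made up."""
    return (f"{ts} myserver kernel: SYN-IN: IN=eth0 OUT= "
            f"MAC=00:07:e9:ac:2a:22:00:04:c1:55:a7:c2:08:00 SRC={src} DST=192.168.10.2 "
            f"LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=31600 DF PROTO=TCP "
            f"SPT={spt} DPT={dpt} WINDOW=5840 RES=0x00 SYN URGP=0")


# Constructed trace: two clients each open three LDAPS connections in the same
# second (e.g. several lookups during one login), a third opens two a second later.
TRACE = [
    syn_line("May 23 04:02:10", "192.168.10.122", 36082),
    syn_line("May 23 04:02:10", "192.168.10.122", 36083),
    syn_line("May 23 04:02:10", "192.168.10.122", 36084),
    syn_line("May 23 04:02:10", "192.168.10.123", 41010),
    syn_line("May 23 04:02:10", "192.168.10.123", 41011),
    syn_line("May 23 04:02:10", "192.168.10.123", 41012),
    syn_line("May 23 04:02:11", "192.168.10.124", 50200),
    syn_line("May 23 04:02:11", "192.168.10.124", 50201),
]

if __name__ == "__main__":
    for policy in ("global", "per-src"):
        print(f"{policy:8s} drops: {dropped(TRACE, policy)}")
```

With the global bucket, the fifth and sixth SYNs in the first second and the second SYN in the next second are dropped, although no single client sent more than three; with a per-source bucket of the same size nothing is dropped. Whichever shape the limit takes, the LOG-then-DROP rules in a SYN-rate chain log legitimate retries as well as attacks, so `drops_per_source` over the real `SYN-FLOOD:` lines (a handful of entries per known client address versus many sources or random source ports) is the quicker way to answer Ryan's question than the rule syntax alone.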