[tech] hydra
Duncan Sargeant
dunc-mail-131574E at rcpt.to
Thu Aug 30 18:10:17 WST 2001
Grahame Bowland wrote on Thu August 30, at 17:46 +0800:
> On Thu, Aug 30, 2001 at 05:26:05PM +0800, Duncan Sargeant wrote:
> > Bryden was running a DNS bomb.
> >
> > Bryden - stop it or we will tell on you.
>
> access-list 144 deny ip any host 130.95.3.3
> access-list 144 deny ip any host 130.95.3.87
> access-list 144 deny ip any host 130.95.3.144
> access-list 144 deny ip host 130.95.3.3 any
> access-list 144 deny ip host 130.95.3.87 any
> access-list 144 deny ip host 130.95.3.144 any
> access-list 144 permit ip any any
>
> int fa 0/0/0.1
> ip access-group 144 out
I took a snapshot of /proc/net/ip_conntrack ...
hydra:/tmp# wc -l /tmp/ip_conntrack
7138 /tmp/ip_conntrack
hydra:/tmp# egrep -c 'src=130\.95\.13\.18 dst=130\.95\.128\.[0-9]+ [^ ]+ dport=53' /tmp/ip_conntrack
7018
It seems stupid to me that ip_conntrack keeps track of /every/
connection ... it would be useful if you could specify a chain which
determined which connections are tracked. In this example, we don't
need to track these connections because we don't need to masquerade
it.
Anyway, I've only learnt about it in the last 20 minutes ... anyone
with more experience with it know any better?
,dunc
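
The egrep count in the message above checks one source that was already known. The following added example (not part of the original message) generalises it: it ranks every (source, protocol, destination port) in a conntrack snapshot by how many entries it holds. The sample lines are constructed in the 2.4-era /proc/net/ip_conntrack layout, and the function names are this example's own.

```python
from collections import Counter

# Constructed sample in the 2.4-era /proc/net/ip_conntrack layout. The flood
# addresses follow the pattern in the message; ports and timers are invented.
SAMPLE = """\
udp      17 12 src=130.95.13.18 dst=130.95.128.1 sport=1025 dport=53 [UNREPLIED] src=130.95.128.1 dst=130.95.13.18 sport=53 dport=1025 use=1
udp      17 12 src=130.95.13.18 dst=130.95.128.2 sport=1026 dport=53 [UNREPLIED] src=130.95.128.2 dst=130.95.13.18 sport=53 dport=1026 use=1
udp      17 13 src=130.95.13.18 dst=130.95.128.3 sport=1027 dport=53 [UNREPLIED] src=130.95.128.3 dst=130.95.13.18 sport=53 dport=1027 use=1
udp      17 13 src=130.95.13.18 dst=130.95.128.4 sport=1028 dport=53 [UNREPLIED] src=130.95.128.4 dst=130.95.13.18 sport=53 dport=1028 use=1
udp      17 14 src=130.95.13.18 dst=130.95.128.5 sport=1029 dport=53 [UNREPLIED] src=130.95.128.5 dst=130.95.13.18 sport=53 dport=1029 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.20 sport=33012 dport=22 src=192.0.2.20 dst=192.0.2.10 sport=22 dport=33012 [ASSURED] use=1
icmp     1 29 src=192.0.2.10 dst=192.0.2.30 type=8 code=0 id=512 [UNREPLIED] src=192.0.2.30 dst=192.0.2.10 type=0 code=0 id=512 use=1
"""

def parse_entry(line):
    """Return (proto, src, dst, dport) for the original direction, or None."""
    tokens = line.split()
    if not tokens:
        return None
    fields = {}
    for tok in tokens[1:]:
        key, sep, value = tok.partition("=")
        # setdefault keeps the first occurrence: the original tuple, not the reply
        if sep and key in ("src", "dst", "dport"):
            fields.setdefault(key, value)
    if "src" not in fields or "dst" not in fields:
        return None
    return tokens[0], fields["src"], fields["dst"], fields.get("dport")

def top_talkers(text, n=3):
    """Return (total, [((src, proto, dport), count, share), ...]), busiest first."""
    counts = Counter()
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        proto, src, _dst, dport = entry
        counts[(src, proto, dport)] += 1
    total = sum(counts.values())
    return total, [(k, c, c / total) for k, c in counts.most_common(n)]

if __name__ == "__main__":
    total, ranked = top_talkers(SAMPLE)
    for (src, proto, dport), count, share in ranked:
        print(f"{src} {proto}/{dport}: {count} of {total} entries ({share:.0%})")
```

Against a real snapshot, pass the contents of the saved file (here /tmp/ip_conntrack) to top_talkers instead of SAMPLE.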