The Community Forums


APF antidos

Discussion in 'General Discussion' started by DigitalKeg, Mar 1, 2006.

  1. DigitalKeg

    Looking for a bit of insight on how to read these logs. Haven't been very successful in finding information so I figured I'd try here.

    The reason this particular log caught my eye was the fact the source IP address involved is my own (there are 6 individuals including myself who share this net connection). I'm assuming "MAC" would refer to the MAC address of the interface. Though when looking at what the value of MAC is, it's much too long to be a MAC address.

    Any information would be nice.

    APF [antidos] log:
    Feb 28 04:04:47 guinness antidos(27895): *.*.*.* -> *.*.*.*:51152
    Feb 28 04:04:47 guinness antidos(27895): *.*.*.* -> *.*.*.* (DROPPED)

    Event logs:
    Feb 27 19:31:34 guinness kernel:
    ** IN_TCP DROP **
    IN=eth0
    OUT=
    MAC=00:0f:1f:fa:79:f9:00:11:bb:37:10:ff:08:00
    SRC=24.130.174.25
    DST=70.85.81.190
    LEN=48
    TOS=0x04
    PREC=0xA0
    TTL=114
    ID=809 DF
    PROTO=TCP
    SPT=3427
    DPT=34777
    WINDOW=65535
    RES=0x00 SYN
    URGP=0

    (goes on quite a bit with multiple entries very similar to the above)
     
  2. chirpy

    You're probably better off asking on the application developers forum over at rfxnetworks.com for support for their script.

    Not sure why it seems to be concatenating two MAC addresses. That said, I would definitely not recommend using the APF antidos mechanism. It's an easy way to slow the server down to a crawl and render it unbootable:
    http://www.configserver.com/blog/index.php?itemid=5
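
Added example, not part of either post and not APF's own code: a small parser for the kernel (netfilter LOG) entry quoted in the first post. On Ethernet the MAC= field is the 14-byte frame header, that is destination MAC, source MAC and a 2-byte EtherType, which is why it looks like two addresses run together. The function names are hypothetical, and SAMPLE is the post's entry rejoined onto one line.

```python
import re

# Kernel entry from the first post, rejoined onto the single line the kernel writes.
SAMPLE = (
    "Feb 27 19:31:34 guinness kernel: ** IN_TCP DROP ** IN=eth0 OUT= "
    "MAC=00:0f:1f:fa:79:f9:00:11:bb:37:10:ff:08:00 SRC=24.130.174.25 "
    "DST=70.85.81.190 LEN=48 TOS=0x04 PREC=0xA0 TTL=114 ID=809 DF PROTO=TCP "
    "SPT=3427 DPT=34777 WINDOW=65535 RES=0x00 SYN URGP=0"
)
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
BARE_FLAGS = {"DF", "CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

def parse_netfilter_log(line):
    """Split a LOG line into KEY=value fields and bare flag tokens (DF, SYN, ...)."""
    body = line.split("kernel:", 1)[-1]
    fields, flags = {}, []
    for token in body.split():
        m = re.fullmatch(r"([A-Z]+)=(.*)", token)
        if m:
            fields[m.group(1)] = m.group(2)
        elif token in BARE_FLAGS:
            flags.append(token)
    return fields, flags

def decode_mac_field(value):
    """Decode MAC= as an Ethernet header: 6 octets dst, 6 octets src, 2 octets type."""
    if not value:  # empty when no link-layer header was available to log
        return None
    octets = value.split(":")
    if len(octets) != 14:
        raise ValueError(f"not an Ethernet header: {len(octets)} octets")
    ethertype = int(octets[12] + octets[13], 16)
    return {
        "dst_mac": ":".join(octets[:6]),     # receiving NIC (eth0 on an IN= packet)
        "src_mac": ":".join(octets[6:12]),   # last hop on the local segment, not the remote host
        "ethertype": ETHERTYPES.get(ethertype, hex(ethertype)),
    }

def summarize(line):
    """Return the fields an analyst reads first when triaging a dropped packet."""
    fields, flags = parse_netfilter_log(line)
    return {
        "iface": fields.get("IN"),
        "src": f'{fields["SRC"]}:{fields["SPT"]}',
        "dst": f'{fields["DST"]}:{fields["DPT"]}',
        "proto": fields["PROTO"],
        "flags": flags,
        "ethernet": decode_mac_field(fields.get("MAC", "")),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
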
     
