Dropping packets from IPTables [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
I am wondering how to set a rule in my IPTables to drop packets from a specific IP address at a given probability of dropping.
E.g., for dropping any random packet from any IP, I would use the command:
# for randomly dropping 10% of incoming packets:
iptables -A INPUT -m statistic --mode random --probability 0.1 -j DROP
However, I want to drop a specific IP at a given probability.

Seems like you read this tutorial here. Have you tried this? Assuming your IP address is 123.456.78.90:
iptables -s 123.456.78.90/32 -A INPUT -m statistic --mode random --probability 0.1 -j DROP
Or perhaps:
iptables -s 123.456.78.90/32 -p tcp -m tcp -A INPUT -m statistic --mode random --probability 0.1 -j DROP

Related

what does -d 0/0 mean? [closed]

Closed 4 years ago.
I came across a rule:
iptables -A INPUT -p tcp -s 17.3.3.5/24 -d 0/0 --dport 22 -j DROP
and I was just wondering if someone could explain what this rule is doing. More importantly, I would like to know what the -d 0/0 part means in the whole rule (I know it's the destination specification, so the 0/0 part should be an IP address, but why is it 0/0?).
I'm speculating that the rule is dropping that one source address when it arrives at destination port 22, but I'm not sure.
If someone could explain, that would be great.
Couldn't find an answer when searching the interwebs :C
Just like -s 17.3.3.5/24 means any source within the CIDR block 17.3.3.5/24, -d 0/0 means any destination within the CIDR block 0.0.0.0/0. Since there are no bits in the network number, every address is inside this network. So it means any destination at all.
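How the -s and -d specifications of the quoted rule select addresses, as an added example that is not part of the original answer. It assumes a shortened address such as 0 is padded with zero octets to 0.0.0.0; the function names and sample packets are constructed for illustration.

```python
def parse_spec(spec):
    """Parse an iptables-style 'address[/prefix]' into (network, mask) integers."""
    addr, _, prefix = spec.partition("/")
    octets = [int(part) for part in addr.split(".")]
    if not 1 <= len(octets) <= 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad address: {addr!r}")
    octets += [0] * (4 - len(octets))  # assumption: '0' stands for 0.0.0.0
    bits = int(prefix) if prefix else 32
    if not 0 <= bits <= 32:
        raise ValueError(f"bad prefix length: {prefix!r}")
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF  # /0 leaves no network bits
    return int.from_bytes(bytes(octets), "big") & mask, mask


def in_block(spec, address):
    """True if the address falls inside the CIDR block named by spec."""
    network, mask = parse_spec(spec)
    host, _ = parse_spec(address)
    return (host & mask) == network


def rule_matches(proto, src, dst, dport):
    """-p tcp -s 17.3.3.5/24 -d 0/0 --dport 22 (the rule quoted in the question)."""
    return (proto == "tcp" and in_block("17.3.3.5/24", src)
            and in_block("0/0", dst) and dport == 22)


# Constructed packets: (protocol, source, destination, destination port)
SAMPLES = [
    ("tcp", "17.3.3.5", "10.0.0.1", 22),      # the address written in the rule
    ("tcp", "17.3.3.200", "192.0.2.44", 22),  # same /24, different destination
    ("tcp", "17.3.4.1", "10.0.0.1", 22),      # outside 17.3.3.0/24
    ("tcp", "17.3.3.5", "10.0.0.1", 80),      # right source, other port
]

if __name__ == "__main__":
    for packet in SAMPLES:
        print("DROP     " if rule_matches(*packet) else "next rule", packet)
```

The host bits in 17.3.3.5/24 are masked away, so the rule covers all of 17.3.3.0 through 17.3.3.255, not one source address.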

What does this iptables rule mean? [closed]

Closed 6 years ago.
I found this iptables rule in some project I am working on:
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
What does this rule mean? How does it make the network more secure?
It could be translated as "Drop every incoming segment that initializes a new TCP connection and where the SYN control bit is not set among FIN,SYN,RST,ACK." (see here).
A TCP segment used to initialize a connection should have the SYN control bit set, so that rule is there to ensure that. Also, I think this rule avoids the use of different port scan techniques involving segments without the SYN control bit set, like ACK scan. It silently drops the segment instead of sending an RST segment that could give information to a potential attacker.
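The match logic of the rule discussed above, evaluated over constructed flag combinations, as an added example that is not part of the original answer. The conntrack state given for each sample packet is an assumption made for illustration, and the function names are hypothetical.

```python
# TCP header flag bits
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def bits(names):
    """Turn 'FIN,SYN' (iptables syntax) or 'NONE' into a bitmask."""
    value = 0
    for name in names.split(","):
        if name and name != "NONE":
            value |= FLAG_BITS[name]
    return value


def tcp_flags_match(packet_flags, mask, comp, invert=False):
    """--tcp-flags MASK COMP: of the flags in MASK, exactly those in COMP are set."""
    hit = (bits(packet_flags) & bits(mask)) == bits(comp)
    return hit != invert


def rule_drops(packet_flags, conntrack_state):
    """-p tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP"""
    return (conntrack_state == "NEW"
            and tcp_flags_match(packet_flags, "FIN,SYN,RST,ACK", "SYN", invert=True))


# Constructed packets: (description, flags set, conntrack state assumed)
SAMPLES = [
    ("normal connection open", "SYN", "NEW"),
    ("SYN with PSH/URG (outside the mask)", "SYN,PSH,URG", "NEW"),
    ("ACK with no known connection", "ACK", "NEW"),
    ("FIN only", "FIN", "NEW"),
    ("no flags at all", "NONE", "NEW"),
    ("SYN+FIN", "SYN,FIN", "NEW"),
    ("ACK on a tracked connection", "ACK", "ESTABLISHED"),
]


def verdicts():
    """Map each sample description to what this one rule does with it."""
    return {desc: ("DROP" if rule_drops(flags, state) else "next rule")
            for desc, flags, state in SAMPLES}


if __name__ == "__main__":
    for desc, verdict in verdicts().items():
        print(f"{verdict:9}  {desc}")
```

Flags outside the mask (PSH, URG) are not examined, so a SYN carrying them still passes this rule.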

How to run a program with a URL or IP address parameter? [closed]

Closed 6 years ago.
I want to run the traceroute program with a URL parameter (e.g. bbc.co.uk), and also an IP address (e.g. 134.170.188.221), but I'm at a loss. Do I just type 'traceroute bbc.co.uk'? Also, an explanation of the output would be great.
When you use traceroute, you just type the command followed by options and the URL/IP you want to traceroute to.
For example, as you stated:
traceroute www.google.com
traceroute 192.168.0.1
Depending on your Linux distribution, you may find another command, traceroute6, which only uses IPv6. You also have options for IPv4/IPv6:
traceroute -4 192.168.0.1
traceroute -6 www.google.com
The output is the route a TCP packet follows to reach the destination.
The output will be formatted like this:
traceroute to www.google.com (77.95.65.106), 30 hops max, 60 byte packets
1 192.168.0.1 (192.168.0.1) 0.404 ms 0.465 ms 0.321 ms
2 mk1072-l1b-v500.rezopole.net (77.95.71.197) 20.743 ms 18.531 ms 16.897 ms
3 * * *
The first part is the address of the network equipment responding to your traceroute.
The second is the IP address of this network equipment.
The rest of the line is the response time.
If the network equipment doesn't respond, you have a star.

Pipe One Serial Port to Another in Linux [closed]

Closed 7 years ago.
I am looking for a means to pipe one serial port's data (regardless of data type) to another serial port. In my case I am trying to take in data from one serial port and output it through a radio connected to another serial port in real time.
I already know what ports I am using and have looked up a program called socat, which should be able to handle it, but there are no examples of how to do this and I have not been able to figure out how to do it.
Has anybody been able to use socat or a bash script/some other method to accomplish this in Linux??
I am running Ubuntu 14.04.
Assuming the serial port you are reading from is /dev/ttyS0, and the other you are writing to (where the radio is connected) is /dev/ttyS1 you shall simply do:
cat /dev/ttyS0 > /dev/ttyS1
or
dd if=/dev/ttyS0 of=/dev/ttyS1 bs=1
Of course, before that you should set all the serial ports' parameters using the stty command.

Limit packets per minute per IP address [closed]

Closed 8 years ago.
Only using IPTABLES, how would you limit requests (pings for example) from the same Internet host to x number of packets per minute, say 5 for simplicity's sake?
iptables -A INPUT -p ICMP -m limit --limit 5/minute --limit-burst 5 -j ACCEPT
-m limit: This uses the limit iptables extension.
--limit 5/minute: This limits to a maximum of only 5 connections per minute. Change this value based on your specific requirement.
--limit-burst 5: This value indicates that the limit/minute will be enforced only after the total number of connections has reached the limit-burst level.
The above should do the trick!
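The limit match keeps one credit counter for the rule, shared by every source, whereas the hashlimit match with --hashlimit-mode srcip keeps one counter per source address. This added example (not part of the original answer) models both with a simplified token bucket over constructed traffic. It assumes a later rule drops the ICMP packets that the ACCEPT rule does not match; the class and function names are hypothetical.

```python
from collections import defaultdict

UNITS = 60  # one packet costs 60 units; an N/minute rule regains N units per second


class Bucket:
    """Simplified credit counter for --limit N/minute --limit-burst BURST."""

    def __init__(self, per_minute, burst):
        self.gain, self.cap = per_minute, burst * UNITS
        self.credit, self.last = self.cap, 0

    def matches(self, now):
        """Refill for the elapsed seconds, then try to pay for one packet."""
        self.credit = min(self.cap, self.credit + (now - self.last) * self.gain)
        self.last = now
        if self.credit < UNITS:
            return False  # rule does not match; packet goes on to the next rule
        self.credit -= UNITS
        return True


def run(packets, per_source, per_minute=5, burst=5):
    """Return {source: [accepted, not_matched]} for (second, source) packets."""
    buckets = defaultdict(lambda: Bucket(per_minute, burst))
    result = defaultdict(lambda: [0, 0])
    for now, src in packets:
        key = src if per_source else "shared"
        result[src][0 if buckets[key].matches(now) else 1] += 1
    return dict(result)


# Constructed traffic: one noisy host pings once a second for 8 seconds,
# then a second host sends a single ping.
NOISY, QUIET = "198.51.100.7", "203.0.113.9"
PACKETS = [(t, NOISY) for t in range(8)] + [(8, QUIET)]

if __name__ == "__main__":
    print("shared counter    :", run(PACKETS, per_source=False))
    print("per-source counter:", run(PACKETS, per_source=True))
```

With the shared counter the noisy host uses up the burst and the quiet host's only ping is not accepted; with per-source counters the quiet host is unaffected.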
