[Firehol-support] please help, huge amounts of UDP traffic need to be dropped
costa at tsaousis.gr
Fri Jul 18 08:17:23 BST 2003
It will be the same. The traffic will come to your machine and then blocked.
To protect your link (and not just the machine), I suggest to talk to your
network administrator (or ISP).
The easiest way to do it (if you have a DSL, for example), is to change
your IPs. The more "ethical" way is to fill an abuse report for your
network administrator or ISP and ask them to block these IPs in a router
at their side, before entering the way towards you.
Most probably the machines that send you this traffic have some kind of
virus, so it would be good to let them know what is happening.
maillist at bestworldweb.homelinux.com said:
> Hi Costa,
> Would it be possible to ban specific IPs? Would that stop the problem?
> On Fri, 2003-07-18 at 10:18, Costa Tsaousis wrote:
>> Hi Paul,
>> Well, if you didn't allow it... it is already blocked ! You should
>> have logs about it. Check it.
>> In FireHOL, everything that is not allowed is blocked: in other words
>> the traffic comes into the machine but the firewall cuts it, so it
>> does not reach any application running on the machine, although the
>> traffic already came there.
>> For most kinds of traffic this means that the first packet of a
>> session gets into the machine, but becuase the machine does not
>> acknowledge it, no other packets are send. This is true for TCP. But
>> UDP and ICMP are stateless and do not care about acknowledgements. So,
>> a firewall does not prevent this kind of traffic from consuming your
>> If there is something consuming precious bandwidth this way, you have
>> to find a way of cutting it before entering the link you want to
> This SF.net email is sponsored by: VM Ware
> With VMware you can run multiple operating systems on a single machine.
> WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
> same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
> Firehol-support mailing list
> Firehol-support at lists.sourceforge.net
More information about the Firehol-support