During the night (CET) my server stopped responding on all ports. I naturally thought this was a firewall event because all other VMs on the server looked OK. I was able to log in via terminal and as soon as I reset iptables everything worked. I then started to suspect some of the blocklists. I removed them all and restored them one by one. When turning on "Dshield top attackers list" I was locked out again.
So, if you are experiencing this kind of trouble, try to remove the dshield blacklist.
Dshield stopped all traffic to server
- Atomicorp Staff - Site Admin
Re: Dshield stopped all traffic to server
Dshield blocks by the netblock (/24) rather than by the IP, so all it takes is for someone else on your segment to get your system as collateral damage.
Re: Dshield stopped all traffic to server
But should the server be unreachable from both the inside and the outside if it's blocked? Shouldn't whitelisting work? I could not reach the server from any computer and the server could not communicate with the internet.
When searching for IPs in the block I cannot find any indication of them being blacklisted.
- mikeshinn
- Atomicorp Staff - Site Admin
Re: Dshield stopped all traffic to server
Blacklists are applied to input and output.
Michael Shinn
Atomicorp - Security For Everyone
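
An added example, not part of the original posts and not Atomicorp's code: a pre-flight check that reports whether any of a server's own addresses fall inside a netblock on a /24-based blocklist before that list is loaded into rules applied to input and output. The tab-separated column layout (start, end, prefix length), the function names and the sample entries are assumptions constructed for illustration, using documentation address ranges.

```python
import ipaddress

# Constructed sample in an assumed layout: start, end, prefix length (tab-separated).
# Addresses are documentation ranges, not real list entries.
SAMPLE_BLOCKLIST = """\
# Start\tEnd\tNetmask
192.0.2.0\t192.0.2.255\t24
198.51.100.0\t198.51.100.255\t24
"""


def parse_blocklist(text):
    """Return the netblocks listed in the text, skipping comments and bad lines."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        try:
            # Build the network from the start address and the prefix length.
            nets.append(ipaddress.ip_network(f"{fields[0]}/{fields[2]}", strict=False))
        except ValueError:
            continue  # header row or malformed entry
    return nets


def self_block_hits(blocklist_nets, own_addresses):
    """Map each of our own addresses to the listed netblock that covers it."""
    hits = {}
    for addr in own_addresses:
        ip = ipaddress.ip_address(addr)
        for net in blocklist_nets:
            if ip.version == net.version and ip in net:
                hits[addr] = str(net)
                break
    return hits


if __name__ == "__main__":
    # Constructed inputs: the server's own address and an admin workstation.
    own = ["192.0.2.57", "203.0.113.10"]
    for addr, net in self_block_hits(parse_blocklist(SAMPLE_BLOCKLIST), own).items():
        print(f"{addr} is covered by listed netblock {net}; loading this list would cut it off")
```

Include the server's gateway, DNS resolvers and management hosts in the address list, since a match on any of them has the same effect when the list is applied in both directions.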