Traffic filtering allows a device to apply security restrictions to network traffic. Filtering can be done on many levels but the most common are TCP, UDP and IP filtering.
Questions tagged [traffic-filtering]
41 questions
6
votes
1 answer
Tools for detecting network traffic filtering
In Iran we have an ongoing problem with the govt. blocking and manipulating various network protocols. I'm looking for a tool, framework or platform to help us analyze and report on any of these activities. If the framework would let us write custom…
![](../../users/profiles/203813.webp)
Iman
- 63
- 4
3
votes
1 answer
Ingress filtering in Linux traffic control: Redirect traffic to IFB device
I have an openwrt router and I want to shape incoming traffic in order to classify all the traffic addressed to a certain IP address in my home network as low priority. For that purpose I want to redirect all traffic incoming to the eth1 interface,…
![](../../users/profiles/111993.webp)
Dani Camps
- 301
- 6
- 11
3
votes
4 answers
Is there a good way to keep IPv6 multicast packets off WiFi?
I work on a product that consists of a number of headless Linux boxes that work together as a cluster.
These boxes synchronize their state with each other by sending proprietary-format link-local IPv6 multicast packets (to ff12::xxxx%en0). These…
![](../../users/profiles/19340.webp)
Jeremy Friesner
- 1,311
- 1
- 14
- 25
2
votes
2 answers
Limit packet rate, open connections, and IP addresses
On Linux, can I use tools like tc, iptables or others to control/shape network traffic on a network interface, for the following purposes:
Control the network packet number rate (or the total number).
Control the number of IP addresses connected…
![](../../users/profiles/302824.webp)
WindChaser
- 123
- 1
- 6
2
votes
2 answers
How to stop a site from redirecting to yours?
One of our competitors recently shut down. Instead of just taking their site down, they decided to redirect all their traffic to us with a 302 redirect. All of the traffic is redirected to us with the original path from their site, resulting in 404…
![](../../users/profiles/219982.webp)
Eran Galperin
- 629
- 1
- 5
- 8
2
votes
2 answers
Rejecting traffic where ACCEPT header is empty on favicon.ico requests
As part of filtering out potential harmful traffic, I currently reject traffic where $_SERVER["HTTP_ACCEPT"] is empty.
I notice from my logs that a fair number of requests have been rejected due to the accept header being empty and some of them come…
![](../../users/profiles/203564.webp)
mseifert
- 359
- 1
- 4
- 12
2
votes
1 answer
What is the purpose of filtering egressing traffic (CSF)?
For a while now I am using CSF as main firewall with LFD, and OSSEC as main IDS. (I like OSSEC over the overreacting builtin IDS of CSF).
I tested it for small DoS attacks such a slowloris variants and synfloods. Works fine.
Apache is running with…
![](../../users/profiles/124129.webp)
BTZ
- 23
- 4
2
votes
1 answer
Linux income filtering based on private destination IP address
I am trying to set up a QoS script in my OpenWRT box so that traffic coming from the Internet is classified into a low prio and a high prio class. The criteria to classify traffic is its destination IP address within my home network, i.e. a private…
![](../../users/profiles/111993.webp)
Dani Camps
- 301
- 6
- 11
2
votes
2 answers
What is 17.10.13.204 (Apple?) doing that's always blocked as port-scanning traffic?
I've just recently noticed an IP address that has been showing up in our SonicWall logs on a pretty frequent basis. Throughout the course of an average day, we'll see around 100 dropped packets originating from 17.10.13.204, which is in a block of…
![](../../users/profiles/79569.webp)
walkeran
- 356
- 1
- 5
2
votes
2 answers
Cisco ASA not forwarding traffic from one interface to another
I am needing help in the configuration process of my Cisco ASA 5510. I have set up 4 Cisco ASA interconnected together via a big LAN. Each Cisco ASA has 3 or 4 LANs attached to them. The IP routing part is taken care of by OSPF. My problem is on…
![](../../users/profiles/3431.webp)
Antoine Benkemoun
- 7,314
- 3
- 41
- 60
1
vote
1 answer
haproxy http check with a backup server shows 503 at main server down
I have been trying to setup a forward with haproxy.
listen POC-2019-02-03
bind 0.0.0.0:8083
timeout connect 14000
timeout client 180000
timeout server 180000
mode http
option forwardfor
http-request set-header…
![](../../users/profiles/315731.webp)
Fahad Ahammed
- 113
- 1
- 7
1
vote
1 answer
traffic shaping using ifb redirect
I would like to use ifb to perform some shaping for multiple virtual interfaces. However, I am not sure how to tell the ifb interface to egress to a dedicated egress interface
Right now vnet0 -> mirrer action mirror -> ifb0
I would like to to…
![](../../users/profiles/288658.webp)
user2066671
- 115
- 2
- 10
1
vote
3 answers
Unexpected ports open (traffic filtering?)
Discovered this when securing my VPS. No matter which host I scan with nmap, I always get these 2 ports open:
1863/tcp open unknown
5190/tcp open aol
What could be the reasons for this?
EDIT:
I'm performing a simple nmap host.name scan on servers…
![](../../users/profiles/2240.webp)
yanchenko
- 259
- 1
- 6
- 13
1
vote
2 answers
plesk + high POP3/IMAP traffic, how to check details?
Please check this image, it's a screenshot from plesk 10 of 1 domains mail traffic:
This domain has about 1GB POP3/IMAP (OUT) traffic each day. I know that this is not normal because I know the owner and how he's using his mail. It's just some…
![](../../users/profiles/111210.webp)
Danzzz
- 55
- 1
- 5
1
vote
5 answers
Barring connections if VPN is down
I have a VPN account and use it for sensitive communication. However the VPN connection sometimes is dropped while my main connection to the internet is still alive.
The pages I visit through VPN are on HTTP (not secure) and have javascript code…
![](../../users/profiles/25163.webp)
Majid Fouladpour
- 269
- 4
- 19