Firewall Summary of Attack

Chain RATELIMIT (1 references)
num   pkts bytes target     prot opt in     out    source               destination
1    41428 3277K DNSABUSE   udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:53 limit: above 6/sec burst 5 mode srcip srcmask 16
2    29981 2372K DNSABUSE   udp  --  *      *      0.0.0.0/0            0.0.0.0/0            udp dpt:53 limit: above 10/min burst 3 mode srcip
3     189K   15M            all  --  *      *      0.0.0.0/0            0.0.0.0/0            recent: SET name: suspicious side: source mask: 255.255.255.255
4     1274  103K SET        all  --  *      *      0.0.0.0/0            0.0.0.0/0            recent: UPDATE seconds: 60 hit_count: 20 name: suspicious side: source mask: 255.255.255.255 add-set softban src
5    39948 3195K DROP       all  --  *      *      0.0.0.0/0            0.0.0.0/0            recent: UPDATE seconds: 3600 hit_count: 5 name: suspicious side: source mask: 255.255.255.255

[root@gate0 reports]# iptables -L DNSABUSE -nv --line
Chain DNSABUSE (2 references)
num   pkts bytes target     prot opt in     out    source               destination
1    71409 5649K LOG        all  --  *      *      0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "Major Abuser: DNS "
2    71409 5649K DROP       all  --  *      *      0.0.0.0/0            0.0.0.0/0

Banned Activity Log: Aug 4 2020

Unclass - Preroute Other                DenDNS  - DNS Denied Log Hits type 1
Frag    - Preroute Frags                RawDNS  - DNS Raw Log HIts
Fake    - Preroute Spoof                Other   - Other Log Hits, Unclassified
Denied  - Denied non-ICMP               i_echo  - ICMP Echo
DNS     - Denied DNS Log Hits type 0    i_other - ICMP Other
ICMP    - Denied ICMP                   icmp    - ICMP Permitted
Softban - Soft Ban                      Reg     - Log Hits excluding Soft/Hard Bans
BanPerm - Hard Ban                      Totals  - Total Log Hits

CDT        [+ Preroute ++++++++++] [+ DENIED ++++++++++++++++++++++++++++] [+ DNS +++++++]         [+ ICMP ++++++++++++++] [+ Sub/Tot +++]
==========================================================================================================================================
Hour xx -  Unclass    Frag    Fake  Denied     DNS    ICMP SoftBan BanPerm  DenDNS  RawDNS   Other  i_echo i_other    icmp     Reg   Total
==========================================================================================================================================
Hour 00 -        0       0       0       0     248       0     175       0     139     176      14       0       3       3     583     580
Hour 01 -        0       0       0       0      63       2       7       0      18       7      16       0       1       1     108     107
Hour 02 -        0       0       0       0      71       3      22       0      30      22      17       0       0       0     143     143
Hour 03 -        0       0       0       0     164       3      45       0      15      45      16       0       1       1     245     244
Hour 04 -        0       0       0       0      56       3      40       0      12      41      39       0       4       4     159     154
Hour 05 -        0       0       0       0     214       4      83       0      33      84      18       0       0       0     353     353
Hour 06 -        0       0       0       0     133       5     497       0      28     497      15       0       0       0     678     678
Hour 07 -        0       0       0       0     258       8      95       0      24      95      18       0       1       1     405     404
Hour 08 -        0       0       0       0      40       3    1909       0       5    1909      18       0       4       4    1983    1979
Hour 09 -        0       0       0       0     123       3    2119       0      16    2119      52       0       1       1    2315    2314
Hour 10 -        0       0       0       0     195       4    2428       0       9    2428      23       0       7       7    2673    2666
Hour 11 -        0       0       0       0      96       2    3747       0       6    3747      72       0      15      15    3953    3938
Hour 12 -        0       0       0       0     368       1     417       0      50     417      19       0       0       0     855     855
Hour 13 -        0       0       0       0      22       1       0       0      15       2      39       0       0       0      79      79
Hour 14 -        0       0       0       0     261       2     113       0      21     113      17       0       0       0     414     414
Hour 15 -        0       0       0       0      89       2      87       0      13      88      44       0       6       6     248     242
Hour 16 -        0       0       0       0     712       4     136       0      85     137      27       0      12      12     989     976
Hour 17 -        0       0       0       0      91       5      42       0       6      42      19       0       1       1     165     164
Hour 18 -        0       0       0       0     360       1     185       0      58     185      26       0       2       2     634     632
Hour 19 -        0       0       0       0      29       2      10       0      17      11      21       0       0       0      80      80
Hour 20 -        0       0       0       0     233       3       0       0      28       0      84       0       0       0     348     348
Hour 21 -        0       0       0       0     152       0      17       0      22      19      25       0       5       5     228     223
Hour 22 -        0       0       0       0     233       1       0       0      14       0      20       0       8       8     284     276
Hour 23 -        0       0       0       0      83       2       0       0       7       1      23       0       2       2     120     118
==========================================================================================================================================

Banned Activity Log: Aug 5 2020

Unclass - Preroute Other                DenDNS  - DNS Denied Log Hits type 1
Frag    - Preroute Frags                RawDNS  - DNS Raw Log HIts
Fake    - Preroute Spoof                Other   - Other Log Hits, Unclassified
Denied  - Denied non-ICMP               i_echo  - ICMP Echo
DNS     - Denied DNS Log Hits type 0    i_other - ICMP Other
ICMP    - Denied ICMP                   icmp    - ICMP Permitted
Softban - Soft Ban                      Reg     - Log Hits excluding Soft/Hard Bans
BanPerm - Hard Ban                      Totals  - Total Log Hits

CDT        [+ Preroute ++++++++++] [+ DENIED ++++++++++++++++++++++++++++] [+ DNS +++++++]         [+ ICMP ++++++++++++++] [+ Sub/Tot +++]
==========================================================================================================================================
Hour xx -  Unclass    Frag    Fake  Denied     DNS    ICMP SoftBan BanPerm  DenDNS  RawDNS   Other  i_echo i_other    icmp     Reg   Total
==========================================================================================================================================
Hour 00 -        0       0       0       0      80       4       0       0      14       0      80       0       0       0     178     178
Hour 01 -        0       0       0       0     311       2     151       0      37     153      44       0       4       4     555     551
Hour 02 -        0       0       0       0     117       2     101       0      44     102      18       0       0       0     283     283
Hour 03 -        0       0       0       0     200       3     128       0      37     128      18       0       8       8     402     394
Hour 04 -        0       0       0       0     121       3      17       0       5      18      13       0       4       4     168     164
Hour 05 -        0       0       0       0     107       3     152       0      23     152      39       0       0       0     324     324
Hour 06 -        0       0       0       0     179       0      29       0      18      30       6       0      12      12     257     244
Hour 07 -        0       0       0       0     141       0      55       0      24      55      23       0       0       0     243     243
Hour 08 -        0       0       0       0      92       0      32       0      23      32      30       0       2       2     181     179
Hour 09 -        0       0       0       0      49       4     155       0      14     148      45       0       9       2     271     269
Hour 10 -        0       0       0       0      49       1     270       0      19     270      72       0       5       5     421     416
Hour 11 -        0       0       0       0      71       1      16       0      55      16      35       0       5       5     188     183
Hour 12 -        0       0       0       0     100       3      97       0      42      97      25       0       4       4     275     271
Hour 13 -        0       0       0       0      91       1      44       0      75      44      24       0       4       4     243     239
Hour 14 -        0       0       0       0     127       0      62       0      21      62      19       0       3       3     235     232
Hour 15 -        0       0       0       0      90       1       7       0      22       7      41       0       0       0     161     161
Hour 16 -        0       0       0       0     112       1       0       0      24       0      19       0       0       0     156     156
Hour 17 -        0       0       0       0      69       3       2       0      10       3      26       0       4       4     119     115
Hour 18 -        0       0       0       0     136       3     286       0      12     286      22       0       4       4     467     463
Hour 19 -        0       0       0       0      17       2    1880       0      61    1880      15       0       3       3    1981    1978
Hour 20 -        0       0       0       0     278       1     141       0      93     141      31       0       1       1     546     545
Hour 21 -        0       0       0       0     180       1      38       0      91      40      72       0       6       6     396     390
Hour 22 -        0       0       0       0     122       1      96       0      34      98      39       0       0       0     294     294
Hour 23 -        0       0       0       0      49       0       4       0      17       5      29       0      15      15     130     115
==========================================================================================================================================