MY VPS FIREWALL - OVH VPS

FuZz3

Member
Sep 14, 2015
4
0
36
Hi guys i wanted your opinion on my firewall i had a huge ddos attack and i googled a firewall, and i added a couple rules to it!
This firewall runs websites, sinusbot, teamspeak 3
It has allot of ddos methods blocked but i tried with loic and i saw my packets coming in on the vps!
I used iftop to see the packets BTW!
Code:
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -A INPUT -p udp --dport 9987 -j ACCEPT
iptables -A INPUT -p udp --sport 9987 -j ACCEPT
iptables -A INPUT -p udp --dport 9988 -j ACCEPT
iptables -A INPUT -p udp --sport 9988 -j ACCEPT
iptables -A INPUT -p tcp --dport 30033 -j ACCEPT
iptables -A INPUT -p tcp --sport 30033 -j ACCEPT
iptables -A INPUT -p tcp --dport 10011 -j ACCEPT
iptables -A INPUT -p tcp --sport 10011 -j ACCEPT
iptables -A INPUT -p tcp --dport 41144 -j ACCEPT
iptables -A INPUT -p tcp --sport 41144 -j ACCEPT
iptables -A INPUT -p tcp --dport 2010 -j ACCEPT
iptables -A INPUT -p tcp --sport 2010 -j ACCEPT
iptables -A INPUT -p tcp --dport 2011 -j ACCEPT
iptables -A INPUT -p tcp --sport 2011 -j ACCEPT
iptables -A INPUT -p tcp --dport 2008 -j ACCEPT
iptables -A INPUT -p tcp --sport 2008 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 8087 -j ACCEPT
iptables -A INPUT -p tcp --sport 8087 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --sport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --sport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp -d weblist.teamspeak.com --dport 2010 -j ACCEPT
iptables -A OUTPUT -p tcp -d accounting.teamspeak.com --dport 2008 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -I INPUT -s 109.51.48.210 -j DROP
iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,PSH,URG -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
iptables -A INPUT -f -j DROP
iptables -A INPUT -p udp -m udp --sport 19 -j DROP
iptables -A INPUT -p udp -m udp --sport 123 -j DROP
iptables -A INPUT -p udp -m udp --sport 161 -j DROP
iptables -A INPUT -p udp -m udp --sport 1433 -j DROP
iptables -A INPUT -p udp -m udp --sport 1900 -j DROP
iptables -A INPUT -p udp -m udp --sport 27015 -j DROP
iptables -A INPUT -p udp -m udp --sport 27950 -j DROP
iptables -A INPUT -p udp -m udp --sport 27952 -j DROP
iptables -A INPUT -p udp -m udp --sport 27960 -j DROP
iptables -A INPUT -p udp -m udp --sport 27965 -j DROP
iptables -A INPUT -p icmp -j DROP
iptables -A INPUT -p udp -m udp --sport 19329 -j DROP
iptables -A INPUT -p udp -m udp --sport 53 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 53 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 19329 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 5353 -j DROP
iptables -A INPUT -p udp -m udp --sport 5353 -j DROP
iptables -A INPUT -p udp -m udp --sport 7143 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 7143 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 123 -j DROP
iptables -A INPUT -p udp -m udp --sport 123 -j DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p icmp -j DROP
iptables -N syn-flood
iptables -A syn-flood -m limit --limit 10/sec --limit-burst 15 -j RETURN
iptables -A syn-flood -j LOG --log-prefix "SYN flood: "
iptables -A syn-flood -j DROP
iptables-save > /etc/iptables/rules.v4
iptables-save > $HOME/firewall.txt

BTW guys if u know how to perfect my firewall pls tell me !
 

adonradon

Member
Jul 13, 2016
27
17
50
Hi guys i wanted your opinion on my firewall i had a huge ddos attack and i googled a firewall, and i added a couple rules to it!
This firewall runs websites, sinusbot, teamspeak 3
It has allot of ddos methods blocked but i tried with loic and i saw my packets coming in on the vps!
I used iftop to see the packets BTW!
Code:
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -A INPUT -p udp --dport 9987 -j ACCEPT
iptables -A INPUT -p udp --sport 9987 -j ACCEPT
iptables -A INPUT -p udp --dport 9988 -j ACCEPT
iptables -A INPUT -p udp --sport 9988 -j ACCEPT
iptables -A INPUT -p tcp --dport 30033 -j ACCEPT
iptables -A INPUT -p tcp --sport 30033 -j ACCEPT
iptables -A INPUT -p tcp --dport 10011 -j ACCEPT
iptables -A INPUT -p tcp --sport 10011 -j ACCEPT
iptables -A INPUT -p tcp --dport 41144 -j ACCEPT
iptables -A INPUT -p tcp --sport 41144 -j ACCEPT
iptables -A INPUT -p tcp --dport 2010 -j ACCEPT
iptables -A INPUT -p tcp --sport 2010 -j ACCEPT
iptables -A INPUT -p tcp --dport 2011 -j ACCEPT
iptables -A INPUT -p tcp --sport 2011 -j ACCEPT
iptables -A INPUT -p tcp --dport 2008 -j ACCEPT
iptables -A INPUT -p tcp --sport 2008 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --sport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 8087 -j ACCEPT
iptables -A INPUT -p tcp --sport 8087 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --sport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --sport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --sport 22 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp -d weblist.teamspeak.com --dport 2010 -j ACCEPT
iptables -A OUTPUT -p tcp -d accounting.teamspeak.com --dport 2008 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -I INPUT -s 109.51.48.210 -j DROP
iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,ACK FIN -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags PSH,ACK PSH -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags ACK,URG URG -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,PSH,URG -j DROP
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,ACK,URG -j DROP
iptables -A INPUT -f -j DROP
iptables -A INPUT -p udp -m udp --sport 19 -j DROP
iptables -A INPUT -p udp -m udp --sport 123 -j DROP
iptables -A INPUT -p udp -m udp --sport 161 -j DROP
iptables -A INPUT -p udp -m udp --sport 1433 -j DROP
iptables -A INPUT -p udp -m udp --sport 1900 -j DROP
iptables -A INPUT -p udp -m udp --sport 27015 -j DROP
iptables -A INPUT -p udp -m udp --sport 27950 -j DROP
iptables -A INPUT -p udp -m udp --sport 27952 -j DROP
iptables -A INPUT -p udp -m udp --sport 27960 -j DROP
iptables -A INPUT -p udp -m udp --sport 27965 -j DROP
iptables -A INPUT -p icmp -j DROP
iptables -A INPUT -p udp -m udp --sport 19329 -j DROP
iptables -A INPUT -p udp -m udp --sport 53 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 53 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 19329 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 5353 -j DROP
iptables -A INPUT -p udp -m udp --sport 5353 -j DROP
iptables -A INPUT -p udp -m udp --sport 7143 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 7143 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 123 -j DROP
iptables -A INPUT -p udp -m udp --sport 123 -j DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p icmp -j DROP
iptables -N syn-flood
iptables -A syn-flood -m limit --limit 10/sec --limit-burst 15 -j RETURN
iptables -A syn-flood -j LOG --log-prefix "SYN flood: "
iptables -A syn-flood -j DROP
iptables-save > /etc/iptables/rules.v4
iptables-save > $HOME/firewall.txt

BTW guys if u know how to perfect my firewall pls tell me !
Please use "RETURN", If u want to do security ur server, u shouldn't use ACCEPT
 

BERNARDO

Member
Sep 21, 2015
15
8
35
@FuZz3 IPTables is from the top to the bottom. So when you accept everything at the beginning then all the drop rules wont work :) If you want help from me, join on my teamspeak : REMOVED BY MOD QRAKTZYL and visit my website to see my self made protection REMOVED BY MOD QRAKTZYL

With best regards,
Bernardo :)

MOD QRAKTZYL EDIT :
Please do not refer to any other security website/forum. You can discuss about it here without any problem :)!
 
Last edited by a moderator:

ikfes

Member
Apr 15, 2016
62
8
55
Your iptables are inconsitent..
You have
iptables -t mangle -X
instead of normal filtering, then why don't you use prerouting?

Here is what I use.. My friend made these for me.
Noteworthy is that I use teamspeak.red "license" instead of the crack provided by this site. Not sure if it affects or not.

Code:
# Flush rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t raw -F PREROUTING
iptables -t raw -F OUTPUT
# List policies first
iptables -P INPUT DROP; iptables -P FORWARD DROP; iptables -P OUTPUT ACCEPT;
# Disable connection tracking on voice server ports
iptables -A PREROUTING -t raw -p udp --dport 9987 -j NOTRACK
iptables -A OUTPUT -t raw -p udp --sport 9987 -j NOTRACK
# Allow TCP inbound
iptables -A INPUT -p tcp -m state --state NEW -m multiport --dports 21,22 -j ACCEPT
# Drop invalid UDP
iptables -A PREROUTING -t raw -p udp --dport 9987 -m length --length 0:32 -j DROP
iptables -A PREROUTING -t raw -p udp --dport 9987 -m length --length 2521:65535 -j DROP
iptables -A PREROUTING -t raw -p udp --dport 9987 -m length --length 98 -j DROP
# Drop TS3 booter methods
iptables -A PREROUTING -t raw -p udp --dport 9987 -m string --hex-string '|fa163eb402096ac8|' --algo kmp -j DROP
iptables -A PREROUTING -t raw -p udp --dport 9987 -m string --hex-string '|71f63813d5422309|' --algo kmp -j DROP
# Allow incoming packets related to outgoing ones.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow UDP inbound
iptables -A INPUT -p udp --dport 9987 -j ACCEPT
# Allow ICMP
iptables -A INPUT -p icmp -j ACCEPT
# Log all dropped packets to /var/log/messages
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP

Whats good about these rules, is that there is no tracking at all so these do not eat your CPU no matter how big the attack is..

Also I block all traffic from sourceports: UDP 19 (Chargen), UDP 53 (SSDP), UDP 123 (NTP) on OVH control panel IP-Firewall. and this mitigates over half of the L4 UDP floods on OVH network level without even reaching the server. Whatever reaches the server, gets blocked by iptables without eating up the CPU.

This runs on Debian 7
 
Last edited:

FuZz3

Member
Sep 14, 2015
4
0
36
Hmm looks good but i dont really see rules to block attacks, mine blocks a bunch of methods!
 

ikfes

Member
Apr 15, 2016
62
8
55
Hmm looks good but i dont really see rules to block attacks, mine blocks a bunch of methods!
It drops invalid UDP on all ports, drops packets with specific hex, and pretty much everything thats not coming to destination port 9987. This is just a base ruleset. As I get attacks on TS3 port, I'll analyze with tcpdump and add more rules on this list.
 

ikfes

Member
Apr 15, 2016
62
8
55
These should be blocked on OVH IP-firewall instead of on local iptables of ur machine.

iptables -A INPUT -p udp -m udp --sport 19 -j DROP
iptables -A INPUT -p udp -m udp --sport 123 -j DROP
iptables -A INPUT -p udp -m udp --sport 161 -j DROP
iptables -A INPUT -p udp -m udp --sport 1433 -j DROP
iptables -A INPUT -p udp -m udp --sport 1900 -j DROP
iptables -A INPUT -p udp -m udp --sport 27015 -j DROP
iptables -A INPUT -p udp -m udp --sport 27950 -j DROP
iptables -A INPUT -p udp -m udp --sport 27952 -j DROP
iptables -A INPUT -p udp -m udp --sport 27960 -j DROP
iptables -A INPUT -p udp -m udp --sport 27965 -j DROP
iptables -A INPUT -p icmp -j DROP
iptables -A INPUT -p udp -m udp --sport 19329 -j DROP
iptables -A INPUT -p udp -m udp --sport 53 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 53 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 19329 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 5353 -j DROP
iptables -A INPUT -p udp -m udp --sport 5353 -j DROP
iptables -A INPUT -p udp -m udp --sport 7143 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 7143 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 123 -j DROP
iptables -A INPUT -p udp -m udp --sport 123 -j DROP
 

adonradon

Member
Jul 13, 2016
27
17
50
Like all rules of iptables that end with accept replace to return?
If u use ACCEPT, for example: someone attacks to u, u can't block because u write to ACCEPT like 22 tcp (SSH PORT). u replace ACCEPT to RETURN. of course...
 

adonradon

Member
Jul 13, 2016
27
17
50
These should be blocked on OVH IP-firewall instead of on local iptables of ur machine.

iptables -A INPUT -p udp -m udp --sport 19 -j DROP
iptables -A INPUT -p udp -m udp --sport 123 -j DROP
iptables -A INPUT -p udp -m udp --sport 161 -j DROP
iptables -A INPUT -p udp -m udp --sport 1433 -j DROP
iptables -A INPUT -p udp -m udp --sport 1900 -j DROP
iptables -A INPUT -p udp -m udp --sport 27015 -j DROP
iptables -A INPUT -p udp -m udp --sport 27950 -j DROP
iptables -A INPUT -p udp -m udp --sport 27952 -j DROP
iptables -A INPUT -p udp -m udp --sport 27960 -j DROP
iptables -A INPUT -p udp -m udp --sport 27965 -j DROP
iptables -A INPUT -p icmp -j DROP
iptables -A INPUT -p udp -m udp --sport 19329 -j DROP
iptables -A INPUT -p udp -m udp --sport 53 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 53 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 19329 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 5353 -j DROP
iptables -A INPUT -p udp -m udp --sport 5353 -j DROP
iptables -A INPUT -p udp -m udp --sport 7143 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 7143 -j DROP
iptables -A INPUT -p tcp -m tcp --sport 123 -j DROP
iptables -A INPUT -p udp -m udp --sport 123 -j DROP
If u want to block ICMP protocol, u should use /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all=1 or echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
This is better than IPTABLES icmp drop
when I checked ur rules I saw that sport 53 drop, If u block sport 53 udp, u never ever do DNS resolve be careful about this, For example weblist.teamspeak.com (u can't resolve that)
this is better for dns amp attack blocking.
iptables -A INPUT ! -s 8.8.8.8 -p udp --sport 53 -j DROP
 
Last edited:

ikfes

Member
Apr 15, 2016
62
8
55
If u want to block ICMP protocol, u should use /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all=1 or echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
This is better than IPTABLES icmp drop
Correct, but if the DDoS is done via ICMP methods, its still wrong. If it gets to the machine the bandwidth is already wasted. Therefore block in OVH Network level if you block at all.
when I checked ur rules I saw that sport 53 drop, If u block sport 53 udp, u never ever do DNS resolve be careful about this, For example weblist.teamspeak.com (u can't resolve that)
this is better for dns amp attack blocking.
iptables -A INPUT ! -s 8.8.8.8 -p udp --sport 53 -j DROP
Thats not my iptables. I suppose the reason he blocks sport 53 is due SSDP/DNS reflection attacks which always come from port 53. As for DNS resolving, this is why you have to allow incoming packets related to outgoing ones. This too, though should be blocked and allowed conditionally on OVH ip-firewall.
 

Ramses

Active Member
Sep 11, 2016
33
2
80
What problem guys. My teamspeak 3 server log. I need good iptables rules
16-09-30 17:14:25.382510|INFO |PktHandler |1 |Dropping client 133 because of ping timeout 19 0 0
2016-09-30 17:14:25.382841|INFO |PktHandler |1 |Dropping client 134 because of ping timeout 19 0 0
2016-09-30 17:14:25.383313|INFO |PktHandler |1 |Dropping client 135 because of ping timeout 19 0 0
2016-09-30 17:14:25.385898|INFO |PktHandler |1 |Dropping client 136 because of ping timeout 19 0 0
2016-09-30 17:14:25.386301|INFO |PktHandler |1 |Dropping client 137 because of ping timeout 19 0 0
2016-09-30 17:14:25.386685|INFO |PktHandler |1 |Dropping client 139 because of ping timeout 19 0 0
2016-09-30 17:14:25.387126|INFO |PktHandler |1 |Dropping client 140 because of ping timeout 19 0 0
2016-09-30 17:14:25.387461|INFO |PktHandler |1 |Dropping client 141 because of ping timeout 19 0 0
2016-09-30 17:14:25.387824|INFO |PktHandler |1 |Dropping client 143 because of ping timeout 19 0 0
2016-09-30 17:14:25.388182|INFO |PktHandler |1 |Dropping client 144 because of ping timeout 19 0 0
2016-09-30 17:14:25.388564|INFO |PktHandler |1 |Dropping client 145 because of ping timeout 19 0 0
2016-09-30 17:14:25.391008|INFO |PktHandler |1 |Dropping client 146 because of ping timeout 19 0 0
2016-09-30 17:14:25.391368|INFO |PktHandler |1 |Dropping client 147 because of ping timeout 19 0 0
2016-09-30 17:14:25.391636|INFO |PktHandler |1 |Dropping client 148 because of ping timeout 19 0 0
2016-09-30 17:14:25.392030|INFO |PktHandler |1 |Dropping client 149 because of ping timeout 19 0 0
2016-09-30 17:14:25.394114|INFO |PktHandler |1 |Dropping client 151 because of ping timeout 19 0 0
2016-09-30 17:14:25.394474|INFO |PktHandler |1 |Dropping client 152 because of ping timeout 19 0 0
2016-09-30 17:14:25.396434|INFO |PktHandler |1 |Dropping client 153 because of ping timeout 19 0 0
2016-09-30 17:14:25.396740|INFO |PktHandler |1 |Dropping client 154 because of ping timeout 19 0 0
2016-09-30 17:14:25.396986|INFO |PktHandler |1 |Dropping client 155 because of ping timeout 19 0 0
 
Top