A network security analyst has noticed a flood of Simple Mail Transfer Protocol (SMTP) traffic to internal clients. SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)
To address the issue of a flood of SMTP traffic to internal clients, the goal is to block unwanted SMTP traffic while allowing it only to designated email servers. The correct commands are: (1) iptables -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT, which allows SMTP traffic to a specific email server, and (2) iptables -A INPUT -p tcp --dport 25 -j DROP, which blocks all other incoming SMTP traffic. These measures ensure that only legitimate email server communications are permitted while preventing the flood from affecting other internal clients.
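Both rules above are appended with -A, so the chain is checked top to bottom and the first matching rule decides. The following is an added example, not part of the original page, that models this first-match behaviour in Python over constructed packets; the mail server address 192.0.2.10 (standing in for x.x.x.x) and the ACCEPT chain policy are assumptions.

```python
"""Simplified first-match model of the two iptables rules discussed above."""
from ipaddress import ip_address

MAIL_SERVER = "192.0.2.10"  # assumption: stands in for the page's x.x.x.x placeholder

# Rule layout: (protocol, destination port, destination IP or None for any, target)
RULE_A = ("tcp", 25, MAIL_SERVER, "ACCEPT")  # -A INPUT -p tcp --dport 25 -d x.x.x.x -j ACCEPT
RULE_C = ("tcp", 25, None, "DROP")           # -A INPUT -p tcp --dport 25 -j DROP

# Constructed sample packets: (protocol, destination port, destination IP)
SAMPLE_PACKETS = {
    "smtp_to_mail_server": ("tcp", 25, "192.0.2.10"),
    "smtp_to_client": ("tcp", 25, "192.0.2.55"),
    "https_to_client": ("tcp", 443, "192.0.2.55"),
}


def evaluate(chain, packet, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy.

    The ACCEPT default policy is an assumption about the host's configuration.
    """
    proto, dport, dst = packet
    for r_proto, r_dport, r_dst, target in chain:
        if r_proto != proto or r_dport != dport:
            continue  # protocol or destination port does not match this rule
        if r_dst is not None and ip_address(r_dst) != ip_address(dst):
            continue  # rule is limited to another destination address
        return target  # first match wins; later rules are never consulted
    return policy


def verdicts(chain):
    """Evaluate every constructed sample packet against the given chain."""
    return {name: evaluate(chain, pkt) for name, pkt in SAMPLE_PACKETS.items()}


if __name__ == "__main__":
    # Appending A before C keeps mail flowing to the server; the reverse
    # order drops all port 25 traffic before the ACCEPT rule is reached.
    for label, chain in (("A then C", [RULE_A, RULE_C]), ("C then A", [RULE_C, RULE_A])):
        print(label, verdicts(chain))
```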
SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.)
First - Rule A allows SMTP traffic to only a specified IP (assume mail server)
Second - Rule C blocks all SMTP traffic not matching rule A
A. [CORRECT] Outcome: Incoming SMTP traffic to the specified IP address will be allowed.
B. [INCORRECT] Outcome: Incoming TCP traffic with a source port of 25 will be allowed.
C. [CORRECT] Outcome: Incoming SMTP traffic will be blocked.
D. [INCORRECT] Outcome: Incoming FTP traffic will be blocked.
E. [INCORRECT] Outcome: Forwarded TCP traffic with destination ports in the specified range will be blocked.
To stop the flood of SMTP traffic to internal clients, you should block incoming SMTP traffic (port 25) to internal clients. The correct commands to achieve this are:
C. iptables -A INPUT -p tcp --dport 25 -j DROP
This command drops incoming TCP traffic on port 25, which is the SMTP port.
E. iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP
This command is unrelated to SMTP traffic and is not necessary for addressing the SMTP flood issue. It drops incoming TCP traffic on ports 6881 to 6889.
So, the correct options are C and E.