Exam CFR-310 topic 1 question 1 discussion

A. iptables -A INPUT -p tcp –dport 25 -d x.x.x.x -j ACCEPT allows SMTP to a specific IP (mail server) C. iptables -A INPUT -p tcp –dport 25 -j DROP Drops all SMTP traffic So first rule A is followed, then rule C is followed.

SMTP traffic should only be allowed to email servers. Which of the following commands would stop this attack? (Choose two.) First - Rule A allows SMTP traffic to only a specified IP (assume mail server) Second - Rule C blocks all SMTP traffic not matching rule A A. [CORRECT] Outcome: Incoming SMTP traffic to the specified IP address will be allowed. B. [INCORRECT] Outcome: Incoming TCP traffic with a source port of 25 will be allowed. C. [CORRECT] Outcome: Incoming SMTP traffic will be blocked. D. [INCORRECT] Outcome: Incoming FTP traffic will be blocked. E. [INCORRECT] Outcome: Forwarded TCP traffic with destination ports in the specified range will be blocked.

To stop the flood of SMTP traffic to internal clients, you should block incoming SMTP traffic (port 25) to internal clients. The correct commands to achieve this are: C. iptables -A INPUT -p tcp --dport 25 -j DROP This command drops incoming TCP traffic on port 25, which is the SMTP port. E. iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP This command is unrelated to SMTP traffic and is not necessary for addressing the SMTP flood issue. It drops incoming TCP traffic on ports 6881 to 6889. So, the correct options are C and E.