Weird problem with APF / AntiDos

I run a pretty popular irc network on one of my fedora core 2 boxes, and I have a very weird thing happening right now. It seems that my server is getting packets to port 8000 at ~ 3 second intervals from users connected to my IRC network, which makes no sence at all. The ports open for IRC are 6666-6669 and 7000, not 8000!

I have no idea why the packets are being sent to the box, but it is freaking out AntiDos and APF, which in turn is resulting in IP blacklisting of the users on my network one at a time. I cannot for the life of me figure out how to get AntiDos to either ignore packets with a destination port of 8000 in the kernel log entries, or to get APF to just drop the packets and not log it at all to /var/messages so that AntiDos won't see it and won't blacklist the IP.

I have tried adding the port to AntiDos's ignore list, to noncrit.ports, and to APF's CDPORTS section to no avail.

Could anyone help point me in the write direction, or give me some instructions on how to accomplish this?

Thanks!

 

 

 

 

Top